Vulnerabilities (CVE)

Filtered by vendor Sophos Subscribe
Filtered by product Connect
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4901 1 Sophos 1 Connect 2024-11-21 N/A 3.3 LOW
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
CVE-2022-48310 1 Sophos 1 Connect 2024-11-21 N/A 5.5 MEDIUM
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
CVE-2022-48309 1 Sophos 1 Connect 2024-11-21 N/A 4.3 MEDIUM
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.
CVE-2021-25265 2 Microsoft, Sophos 2 Windows, Connect 2024-11-21 6.8 MEDIUM 8.8 HIGH
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.