Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-4901 | 1 Sophos | 1 Connect | 2025-03-07 | N/A | 3.3 LOW | Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. |
| CVE-2022-48310 | 1 Sophos | 1 Connect | 2025-03-07 | N/A | 5.5 MEDIUM | An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. |
| CVE-2022-48309 | 1 Sophos | 1 Connect | 2025-03-07 | N/A | 4.3 MEDIUM | A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. |
| CVE-2021-25265 | 2 Microsoft, Sophos | 2 Windows, Connect | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A malicious website could execute code remotely in Sophos Connect Client before version 2.1. |