Vulnerabilities (CVE)

Filtered by vendor Sophos Subscribe

Filtered by product Xg Firewall

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-16117	1 Sophos	2 Sfos, Xg Firewall	2020-07-13	9.0 HIGH	8.8 HIGH
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
CVE-2018-16118	1 Sophos	2 Sfos, Xg Firewall	2019-06-25	9.3 HIGH	8.1 HIGH
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
CVE-2018-16116	1 Sophos	2 Sfos, Xg Firewall	2019-06-24	6.5 MEDIUM	8.8 HIGH
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.