CVE-2024-12727
- EPSS 1.58%
- Veröffentlicht 19.12.2024 21:15:07
- Zuletzt bearbeitet 12.11.2025 19:27:32
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eX...
CVE-2024-12728
- EPSS 0.17%
- Veröffentlicht 19.12.2024 21:15:07
- Zuletzt bearbeitet 12.11.2025 19:20:12
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).
CVE-2024-12729
- EPSS 0.63%
- Veröffentlicht 19.12.2024 21:15:07
- Zuletzt bearbeitet 12.11.2025 19:08:33
A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).
CVE-2023-5552
- EPSS 0.07%
- Veröffentlicht 18.10.2023 00:15:10
- Zuletzt bearbeitet 21.11.2024 08:41:59
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.
CVE-2022-3236
- EPSS 91.04%
- Veröffentlicht 23.09.2022 13:15:10
- Zuletzt bearbeitet 27.10.2025 17:00:44
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.