Security Advisories

Advisory

Impact

CVE

Product Family

Sort by

Items per page

RSS Feed

Critical

Sophos Firewall v18.5 MR4 Resolves Security Vulnerabilities

CVE(s):

CVE-2022-1040

CVE-2021-25268

CVE-2022-1292

CVE-2022-1807

CVE-2021-25267

Updated: 2022 9月 7

Product(s):

Sophos Firewall

文章版本 1

发布 ID sophos-sa-20220907-sfos-18-5-4

First Published 周三, 09/07/2022 - 15:03

解决方法 No
Critical

Sophos Firewall v19.0 GA Resolves Security Vulnerabilities (CVE-2022-1040, CVE-2021-25268, CVE-2021-25267, CVE-2022-0331)

CVE(s):

CVE-2022-1040

CVE-2021-25268

CVE-2021-25267

CVE-2022-0331

Updated: 2022 5月 5

Product(s):

Sophos Firewall

文章版本 1

发布 ID sophos-sa-20220505-sfos-19-0-0

First Published 周四, 05/05/2022 - 17:52

解决方法 No
Low

Intercept X for Mobile (Android) Resolves Insecure Data Storage Vulnerability (CVE-2021-25266)

CVE(s):

CVE-2021-25266

Updated: 2022 4月 27

Product(s):

Sophos Authenticator

Sophos Mobile

文章版本 1

发布 ID sophos-sa-20220427-ixm-storage

First Published 周三, 04/27/2022 - 17:08

解决方法 No
Critical

Resolved RCE in Sophos Firewall (CVE-2022-1040)

CVE(s):

CVE-2022-1040

Updated: 2022 4月 5

Product(s):

Sophos Firewall

文章版本 3

发布 ID sophos-sa-20220325-sfos-rce

First Published 周五, 03/25/2022 - 12:00

解决方法 Yes
Informational

Advisory: Spring Cloud Function (SPEL) and Spring Framework AKA SpringShell vulnerabilities (CVE-2022-22963, CVE-2022-22965)

CVE(s):

CVE-2022-22963

CVE-2022-22965

Updated: 2022 4月 1

Product(s):

Cloud Optix

Reflexion

Sophos Central

Sophos Email

Sophos Firewall

Sophos Home

Sophos Mobile

Sophos Mobile EAS Proxy

Sophos Switch

Sophos UTM

Sophos UTM Manager

文章版本 1

发布 ID sophos-sa-20220401-spring-rce

First Published 周五, 04/01/2022 - 15:48

解决方法 No
Medium

Sophos Firewall v18.5 MR3 Resolves Security Vulnerabilities (CVE-2022-0331)

CVE(s):

CVE-2022-0331

Updated: 2022 3月 28

Product(s):

Sophos Firewall

文章版本 1

发布 ID sophos-sa-20220328-sfos-18-5-3

First Published 周一, 03/28/2022 - 01:08

解决方法 No
High

Sophos (SG) UTM 9.710 MR10 Resolves Security Vulnerabilities (CVE-2022-0386, CVE-2022-0652)

CVE(s):

CVE-2022-0386

CVE-2022-0652

Updated: 2022 3月 21

Product(s):

Sophos UTM

文章版本 1

发布 ID sophos-sa-20220321-utm-9710

First Published 周一, 03/21/2022 - 23:02

解决方法 No
High

Advisory: OpenSSL DoS vulnerability (CVE-2022-0778)

CVE(s):

CVE-2022-0778

Updated: 2022 3月 18

Product(s):

Sophos Firewall

Sophos UTM

Sophos Web Appliance (SWA)

文章版本 1

发布 ID sophos-sa-20220318-openssl-dos

First Published 周五, 03/18/2022 - 22:00

解决方法 No
Medium

SSL VPN Client Local DoS (CVE-2021-36809)

CVE(s):

CVE-2021-36809

Updated: 2022 3月 3

Product(s):

Sophos SSL VPN client

文章版本 1

发布 ID sophos-sa-20220303-sslvpn-local-dos

First Published 周四, 03/03/2022 - 09:30

解决方法 No
Informational

Advisory: Central Logging

CVE(s):

Updated: 2022 2月 8

Product(s):

Sophos Central

文章版本 2

发布 ID 2022-02-CentralLogging

First Published 周二, 02/08/2022 - 22:17

解决方法 No
High

Resolved Post-auth SQLi in Capsule8 Console (CVE-2022-0366)

CVE(s):

CVE-2022-0366

Updated: 2022 2月 1

Product(s):

Capsule8 Console

文章版本 1

发布 ID sophos-sa-20220201-cap8-console-sqli

First Published 周二, 02/01/2022 - 21:08

解决方法 No
Critical

Advisory: Log4j zero-day vulnerability AKA Log4Shell (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832)

CVE(s):

CVE-2021-44228

CVE-2021-45046

CVE-2021-45105

CVE-2021-44832

Updated: 2022 1月 13

Product(s):

Client Authentication Agent

Cloud Optix

Intercept X Endpoint

Intercept X for Server

Reflexion

SafeGuard Enterprise (SGN)

Sophos Authenticator

Sophos Central

Sophos Connect Client 2.0

Sophos Email

Sophos Email Appliance (SEA)

Sophos Enterprise Console (SEC)

Sophos Firewall

Sophos Home

Sophos Mobile

Sophos Mobile EAS Proxy

Sophos RED

Sophos SSL VPN client

Sophos Transparent Authentication Suite (STAS)

Sophos UTM

Sophos UTM Manager

Sophos Web Appliance (SWA)

Sophos Wireless

Sophos ZTNA

SophosLabs Intelix

文章版本 27

发布 ID sophos-sa-20211210-log4j-rce

First Published 周五, 12/10/2021 - 13:45

解决方法 No
High

Resolved Post-auth SQLi in SG UTM User Portal (CVE-2021-36807)

CVE(s):

CVE-2021-36807

Updated: 2021 11月 26

Product(s):

Sophos UTM

文章版本 1

发布 ID sophos-sa-20211126-sg-sqli

First Published 周五, 11/26/2021 - 10:07

解决方法 No
Medium

Resolved HMPA Service Local DoS (CVE-2021-25269)

CVE(s):

CVE-2021-25269

Updated: 2021 11月 26

Product(s):

Sophos Exploit Prevention

Intercept X for Server

Intercept X Endpoint

文章版本 1

发布 ID sophos-sa-20211126-ixa-hmpa-local-dos

First Published 周五, 11/26/2021 - 08:00

解决方法 No
Medium

Resolved App Password Bypass on Sophos Secure Workspace for Android (CVE-2021-36808)

CVE(s):

CVE-2021-36808

Updated: 2021 10月 29

Product(s):

Sophos Secure Workspace (Android)

文章版本 1

发布 ID sophos-sa-20211029-ssw-pw-bypass

First Published 周五, 10/29/2021 - 17:41

解决方法 No
High

Resolved LPE in HitmanPro.Alert (CVE-2021-25270)

CVE(s):

CVE-2021-25270

Updated: 2021 10月 7

Product(s):

HitmanPro.Alert

文章版本 2

发布 ID sophos-sa-20211007-hmpa-lpe

First Published 周四, 10/07/2021 - 10:23

解决方法 No
High

Resolved LPE in HitmanPro (CVE-2021-25271)

CVE(s):

CVE-2021-25271

Updated: 2021 10月 7

Product(s):

HitmanPro

文章版本 2

发布 ID sophos-sa-20211007-hmp-lpe

First Published 周四, 10/07/2021 - 09:56

解决方法 No
Critical

Resolved RCE in SG UTM WebAdmin (CVE-2020-25223)

CVE(s):

CVE-2020-25223

Updated: 2021 9月 23

Product(s):

Sophos UTM

文章版本 2

发布 ID sophos-sa-20200918-sg-webadmin-rce

First Published 周五, 09/18/2020 - 21:11

解决方法 Yes
Medium

Multiple Vulnerabilities (AKA FragAttacks) in WiFi Specification

CVE(s):

CVE-2020-24586

CVE-2020-24587

CVE-2020-24588

Updated: 2021 5月 12

Product(s):

Sophos Firewall

Sophos UTM

Sophos Wireless

文章版本 1

发布 ID sophos-sa-20210512-fragattacks

First Published 周三, 05/12/2021 - 18:13

解决方法 No
High

Resolved LPE in Endpoint for MacOS (CVE-2021-25264)

CVE(s):

CVE-2021-25264

Updated: 2021 5月 7

Product(s):

Intercept X Endpoint

文章版本 1

发布 ID sophos-sa-20210507-ix-macos-lpe

First Published 周五, 05/07/2021 - 18:11

解决方法 No