Sophos Cyberoam

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:h:sophos:cyberoam:-:*:*:*:*:*:*:*

part: h version: - update: *

VendorSophos (a481dca1-298d-56ee-9d5c-373f6e8cead2)
ProductCyberoam (662d9f4d-258a-5bd2-b6e4-9cf5aaad4d13)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2019-17059 not_vulnerable 2026-06-03 14:39:55.747541 Details available
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
Published: 2019-10-11T16:45:57.000Z
Updated: 2024-08-05T01:33:16.816Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-9834 not_vulnerable 2026-06-03 14:36:17.471486 Details available
An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp.
Published: 2017-06-07T12:00:00.000Z
Updated: 2024-08-06T02:59:03.528Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.