GCVE - cpe:2.3:a:sophos:unified_threat_management

Approved changes feed: RSS · Atom

cpe:2.3:a:sophos:unified_threat_management_software:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Sophos (`a481dca1-298d-56ee-9d5c-373f6e8cead2`)
Product	Unified Threat Management Software (`3bf45029-1058-5cfe-9ac7-7e692b2c98a0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-7442`	vulnerable	2026-06-03 14:36:07.719938	Details available The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab. Published: 2016-10-03T16:00:00.000Z Updated: 2024-08-06T01:57:47.635Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1036931 http://www.securityfocus.com/bid/93266 http://www.securityfocus.com/archive/1/539518/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7397`	vulnerable	2026-06-03 14:36:07.360762	Details available The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab. Published: 2016-10-03T16:00:00.000Z Updated: 2024-08-06T01:57:47.558Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1036931 http://www.securityfocus.com/bid/93266 http://www.securityfocus.com/archive/1/539518/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2046`	vulnerable	2026-06-03 14:35:36.467700	Details available Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Published: 2016-02-17T15:00:00.000Z Updated: 2024-08-05T23:17:50.120Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1035048 http://seclists.org/fulldisclosure/2016/Feb/60 http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-2537`	vulnerable	2026-06-03 14:33:51.134463	Details available Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Published: 2014-03-18T14:00:00.000Z Updated: 2024-08-06T10:14:26.610Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1029920 http://secunia.com/advisories/57344 http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/ http://www.securityfocus.com/bid/66231	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3238`	vulnerable	2026-06-03 14:31:56.936523	Details available Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. Published: 2012-07-09T22:00:00.000Z Updated: 2024-09-17T02:12:02.137Z Open on db.gcve.eu Reference links http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html http://security.inshell.net/advisory/27 http://www.astaro.com/en-uk/blog/up2date/8305	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Unified Threat Management Software

PURL mappings

Vulnerability references

Contribute