GCVE - cpe:2.3:a:sophos:unified_threat_management:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sophos:unified_threat_management:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Sophos (`a481dca1-298d-56ee-9d5c-373f6e8cead2`)
Product	Unified Threat Management (`4e78f8fd-f009-500b-b35b-78c1da84a1ff`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-0652`	vulnerable	2026-06-03 14:45:56.558874	Details available LOW (3.3) Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. Published: 2022-03-21T23:45:15.000Z Updated: 2024-08-02T23:32:46.552Z Open on db.gcve.eu Reference links https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-0386`	vulnerable	2026-06-03 14:45:56.072480	Details available HIGH (8.8) A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. Published: 2022-03-21T23:45:14.000Z Updated: 2024-08-02T23:25:40.274Z Open on db.gcve.eu Reference links https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-25273`	vulnerable	2026-06-03 14:44:04.970854	Details available Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. Published: 2021-07-29T19:17:34.000Z Updated: 2024-08-03T19:56:11.066Z Open on db.gcve.eu Reference links https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-706-released http://seclists.org/fulldisclosure/2021/Dec/3	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-25223`	vulnerable	2026-06-03 14:42:08.939100	Details available A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 Published: 2020-09-25T00:00:00.000Z Updated: 2025-10-21T23:35:36.271Z Open on db.gcve.eu Reference links https://cwe.mitre.org/data/definitions/78.html https://community.sophos.com/b/security-blog https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223 http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html https://www.secpod.com/blog/remote-code-execution-in-sophos-utm/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.