GCVE - cpe:2.3:a:sophos:connect:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sophos:connect:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Sophos (`a481dca1-298d-56ee-9d5c-373f6e8cead2`)
Product	Connect (`566cf3ec-00ab-5ac8-8121-dcb0c32e5357`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-4901`	vulnerable	2026-06-03 14:48:43.349748	Details available LOW (3.3) Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. Published: 2023-03-01T00:00:00.000Z Updated: 2025-03-07T20:41:28.568Z Open on db.gcve.eu Reference links https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-48310`	vulnerable	2026-06-03 14:48:28.586370	Details available MEDIUM (5.5) An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. Published: 2023-03-01T00:00:00.000Z Updated: 2025-03-07T20:41:57.054Z Open on db.gcve.eu Reference links https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-48309`	vulnerable	2026-06-03 14:48:28.585959	Details available MEDIUM (4.3) A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. Published: 2023-03-01T00:00:00.000Z Updated: 2025-03-07T20:42:23.646Z Open on db.gcve.eu Reference links https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-25265`	vulnerable	2026-06-03 14:44:04.949310	Details available A malicious website could execute code remotely in Sophos Connect Client before version 2.1. Published: 2021-03-22T17:24:28.000Z Updated: 2024-08-03T19:56:11.097Z Open on db.gcve.eu Reference links https://community.sophos.com/b/security-blog https://community.sophos.com/b/security-blog/posts/resolved-rce-in-sophos-connect-client-for-windows-cve-2021-25265	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.