CVE-2022-4934

HIGH7.2Injection

JSON export Create alert

Description

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Sophos / Sophos Web Applianceunspecified – 4.3.10.4

References

VENDOR_ADVISORYhttps://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce

Updated 12m ago · 2 sources