This page lists publicly disclosed CVE vulnerabilities affecting Sophos Connect (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-4901 | Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. | [email protected] | 3.3 | 0.35% | 2023-03-01 | 2025-03-07 |
| CVE-2022-48310 | An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. | [email protected] | 5.5 | 0.04% | 2023-03-01 | 2025-03-07 |
| CVE-2022-48309 | A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. | [email protected] | 4.3 | 0.11% | 2023-03-01 | 2025-03-07 |
| CVE-2021-25265 | A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | [email protected] | 8.8 | 0.25% | 2021-03-22 | 2024-11-21 |