Unified threat management

This hub aggregates every CVE we track for Unified threat management, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 8 most recently published vulnerabilities affecting Unified threat management.

• CVE-2023-22897An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essential...6.5Apr 12, 2023
• CVE-2023-22620An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards ...7.5Apr 12, 2023
• CVE-2022-0652Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against ...3.3Mar 21, 2022
• CVE-2022-0386A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.8.8Mar 21, 2022
• CVE-2021-25273Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.4.8Jul 29, 2021
• CVE-2020-25223A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11KEV9.8Sep 25, 2020
• CVE-2014-2537Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.7.8Mar 18, 2014
• CVE-2012-3238Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "...4.3Jul 9, 2012