CVE-2017-6184

Опубликовано: 30 мар. 2017

Источник: nvd

CVSS3: 4.7

CVSS2: 6.5

EPSS Низкий

Описание

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.

Ссылки

http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/97261
https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2
Vendor Advisory
http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/97261
https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sophos:web_appliance:*:*:*:*:*:*:*:*

Версия до 4.3.1.1 (включая)

EPSS

Процентиль: 79%

0.01223

Низкий

4.7 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-cwhp-m7c7-w6rm