First published: Thu Dec 01 2022
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.
Credit: security-alert@sophos.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sophos XG Firewall Firmware | <19.5 | |
Sophos XG Firewall | | |
CVE-2022-3710 is a post-auth read-only SQL injection vulnerability in Sophos Firewall releases older than version 19.5 GA.
CVE-2022-3710 allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.
The severity level of CVE-2022-3710 is low with a CVSS score of 2.7.
The Common Weakness Enumeration (CWE) ID for CVE-2022-3710 is 89.
To fix CVE-2022-3710, update Sophos Firewall to version 19.5 GA or newer.