CVE-2016-6597

8.6HIGH

Key Information:

Vendor: Sophos
Status: Mobile Control Eas Proxy
Vendor: CVE Published:; 10 August 2016

Summary

Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.

References

http://www.securityfocus.com/bid/92351

vdb-entryx_refsource_BID

https://www.pallas.com/advisories/sophos_eas_open_reverse...

x_refsource_MISC

http://packetstormsecurity.com/files/138210/Sophos-Mobile...

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 10, 2016
Vulnerability Reserved
Aug 4, 2016

Collectors

NVD DatabaseMitre Database