CVE-2016-7397

4.4MEDIUM

Key Information:

Vendor: Sophos
Status: Unified Threat Management Software
Vendor: CVE Published:; 3 October 2016

Summary

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

References

http://www.securitytracker.com/id/1036931

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/93266

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/539518/100/0/threaded

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2016
Vulnerability Reserved
Sep 9, 2016

Collectors

NVD DatabaseMitre Database