SQL Injection Vulnerability in SG UTM User Portal by Sophos
CVE-2021-36807
8.8HIGH
Summary
An SQL injection vulnerability exists in the user portal of SG UTM, allowing authenticated users to potentially execute arbitrary SQL commands. This security flaw affects versions prior to 9.708 MR8, posing a risk that could lead to unauthorized data manipulation or exposure within the vulnerable systems. It is crucial for users of SG UTM to review their current version and implement necessary updates to mitigate this vulnerability.
Affected Version(s)
SG UTM < 9.708 MR8
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved