SQL Injection Vulnerability in SG UTM User Portal by Sophos
CVE-2021-36807

8.8HIGH

Key Information:

Vendor
Sophos
Status
Vendor
CVE Published:
26 November 2021

Summary

An SQL injection vulnerability exists in the user portal of SG UTM, allowing authenticated users to potentially execute arbitrary SQL commands. This security flaw affects versions prior to 9.708 MR8, posing a risk that could lead to unauthorized data manipulation or exposure within the vulnerable systems. It is crucial for users of SG UTM to review their current version and implement necessary updates to mitigate this vulnerability.

Affected Version(s)

SG UTM < 9.708 MR8

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.