Information Disclosure Vulnerability in Sophos Connect Software
CVE-2022-48310
5.5MEDIUM
Summary
An information disclosure flaw in Sophos Connect allows sensitive key material to be inadvertently included in technical support archives. This security issue affects all versions prior to 2.2.90, potentially exposing critical data during support interactions and increasing the risk of unauthorized access. Organizations using affected versions are urged to update immediately to mitigate potential security threats.
Affected Version(s)
Sophos Connect Client < 2.2.90
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mario Melcher - Information Security Professional at SEITENBAU GmbH