CVE-2016-6597

Name of the Vulnerable Software and Affected Versions Sophos EAS Proxy versions prior to 6.2.0 for Sophos Mobile Control

Description The issue allows remote attackers to access arbitrary web resources from the backend mail system via a request for the resource when Lotus Traveler is enabled. This is described as an Open Reverse Proxy issue.

Recommendations For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider disabling Lotus Traveler until a patch is available. Restrict access to the backend mail system to minimize the risk of exploitation.