PT-2023-15687 · Sophos · Sophos Connect
Published 2023-03-01 · Updated 2023-03-09 · CVE-2022-48309
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Sophos Connect versions prior to 2.2.90
Description
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives.
Recommendations
For Sophos Connect versions prior to 2.2.90, update to version 2.2.90 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive logs and technical support archives until the update is applied.
Fix
CSRF
Affected Products
Sophos Connect