CVE-2022-4934

Name of the Vulnerable Software and Affected Versions Sophos Web Appliance versions prior to 4.3.10.4

Description A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance allows administrators to execute arbitrary code. The vulnerability is related to the failure to neutralize special elements when processing exceptions, which can be exploited by a remote attacker to execute arbitrary commands.

Recommendations For versions prior to 4.3.10.4, update to version 4.3.10.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the exception wizard to minimize the risk of exploitation.