CVE-2016-7397

Published: Oct 3, 2016Modified: May 6, 2026

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

Affected (1)

Products: Sophos: Unified Threat Management Software

Sophos

1 product

Unified Threat Management Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sophos Unified Threat Management Software	Up to 9.405-5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/archive/1/539518/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/93266

Source: cve@mitre.org

http://www.securitytracker.com/id/1036931

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/539518/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/93266

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036931

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.