CVE-2016-7442

Published: Oct 3, 2016Modified: May 6, 2026

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.

Affected (1)

Products: Sophos: Unified Threat Management Software

1 product

Unified Threat Management Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sophos Unified Threat Management Software	Up to 9.405-5

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/archive/1/539518/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/93266

Source: cve@mitre.org

http://www.securitytracker.com/id/1036931

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/539518/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/93266

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036931

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.