CVE-2016-7397

MEDIUM

Sophos Unified Threat Management Software - Information Disclosure

Title source: rule

Description

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

Scores

CVSS v3: 4.4
EPSS: 0.0003
EPSS Percentile: 7.2%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE: CWE-200
Status: published

Affected Products (2)

sophos/unified_threat_management_software < 9.405-5
n/a/n/a

Timeline

Published: Oct 03, 2016
Tracked Since: Feb 18, 2026