February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – NJRAT – Active IOCs
December 8, 2022Rewterz Threat Alert – Ghost RAT – Active IOCs
December 8, 2022Rewterz Threat Alert – NJRAT – Active IOCs
December 8, 2022Rewterz Threat Alert – Ghost RAT – Active IOCs
December 8, 2022
Severity
High
Analysis Summary
CVE-2022-3980
Sophos Mobile is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. By sending specially crafted XML data, a remote attacker could achieve server-side request forgery (SSRF) and potential code execution.
Impact
Gain Access
Indicators Of Compromise
CVE
- CVE-2022-3980
Affected Vendors
Sophos
Affected Products
- Sophos Mobile 9.7.4
- Sophos Mobile 5.0.0
Remediation
Refer to Sophos Security Advisory for patch, upgrade or suggested workaround information.