CVE-2014-2849
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.7648 (76.5%)
Percentile: 99.0%
EPSS: 2026-05-06
Affects
sophos:web_appliance_firmwaresophos:web_appliance_firmwaresophos:web_applianceTechnical description
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
Published: 4/11/2014, 3:55:27 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://secunia.com/advisories/57706
- http://www.exploit-db.com/exploits/32789
- http://www.securityfocus.com/bid/66734
- http://www.sophos.com/en-us/support/knowledgebase/120230.aspx
- http://www.zerodayinitiative.com/advisories/ZDI-14-069/
- http://secunia.com/advisories/57706
- http://www.exploit-db.com/exploits/32789
- http://www.securityfocus.com/bid/66734