Published: 10/08/2016 Updated: 09/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Sophos EAS Proxy prior to 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote malicious users to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sophos mobile control eas proxy

Sophos EAS Proxy is part of the Enterprise Mobility Management (EMM) platform Sophos Mobile Control, which allows control of mail access for managed mobile devices Anonymous attackers can access any web-resources of the backend mail system like Microsoft Exchange or IBM Domino, if Lotus Traveler option is enabled Brute force attacks against users ...

CWE-254 https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability http://www.securityfocus.com/bid/92351 http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html http://www.securityfocus.com/archive/1/539126/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-6597

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect