
CVE-2021-36806: Sophos Email Appliance version 4.5.3.4 released

A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4.


Hi everyone,

Sophos Email Appliance version 4.5.3.4 was released on February 2, 2023.

Limited release

Version 4.5.3.4 was released to an initial group of customers on February 2, 2023. This release will be made available to all customers over the next few weeks. If you would like to get early access to new features, please contact Sophos Support.

Release Information

This release resolves several issues. The appliance will restart after this update.

You should also familiarize yourself with the known issues, since improper configuration of certain options may cause unexpected behavior.

Before you begin installing and configuring the Email Appliance, you should review the configuration directions.

Internet Explorer 7 and later, and Mozilla Firefox version 4.x and later, are the only supported browsers for this product release. However, the Email Appliance has been optimized for current-generation browsers. If you are using an older browser such as Internet Explorer 6 and experience performance issues, consider upgrading to a newer version of Internet Explorer, or to a recent version of Firefox.

Issues resolved in the Sophos Email Appliance 4.5.3.4 release:

  • Fixed potential vulnerability to CVE-2021-36806 (SEA-1779).
  • Fixed a potential vulnerability to cipher block chaining (CBC) ciphers with TLS (SEA-1656). Disabled TLS 1.1 for port 25.
  • Removed expired certificates (SEA-1846).
  • Added Amazon root certificate authority (CA) (SEA-1683).

Reference: https://esa.sophos.com/rn/sea/concepts/ReleaseNotes_4.5.3.4.html
