• Nessus Scan (CRITICAL/HIGH/HIGH) - Apache 2.4.x < 2.4.56 Multiple Vulnerabilities

    Tim Badaczewski
    I'm getting one CRITICAL and two HIGH findings related to the version of Apache that Sophos is running. Is Sophos UTM 9 going to get an upgraded version of Apache anytime soon to clear these? Is there a safe way for me to upgrade myself? Here are the CVE…
    • Answered
    • over 1 year ago
    • UTM Firewall
    • UTM on AWS
  • SSL3.0 TLS1.0 for Port 3400

    raywo
    Hi, I did a vulnerability scan of my external IP and in the results I can see that SSL3.0 TLS1.1 and TLS1.1 are still supported for Port 3400. I guess this was already asked before but I didn't find it in the forum. Is there already a solution for…
    • Answered
    • over 3 years ago
    • UTM Firewall
    • Remote Ethernet Device (RED)
  • Confirmation for Compliancy

    rost_opengi
    Hello, We have a PCI compliancy organisation requesting information/documentation on whether Sophos UTM is vulnerable to a range of CVEs based on detecting the version of the Exim component. Some of the CVE's information as asked already, however we haven…
    • Answered
    • over 3 years ago
    • UTM Firewall
    • General Discussion
  • OpenSSL null pointer reference issue (CVE-2020-1971)

    EdmundSackbauer
    There is a vulnerability in OpenSSL: https://www.openssl.org/news/secadv/20201208.txt It could be used for a denial-of-service attack. OpenSSL has already fixed it; when will it be included in UTM (and XG)? BR Edmund
    • over 3 years ago
    • UTM Firewall
    • General Discussion
  • Snort Vulnerability affect UTM IPS??

    EricShulze
    Does anyone know what version of Snort the IPS uses? Snort/Cisco just had a vulnerability posted: http://www.theregister.co.uk/2016/03/31/cisco_snort_scramble_to_plug_malware_hole/ Just wondering if the UTMs are exposed as well??
    • over 8 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • How to pass PCI Compliance scan when RED (tcp/3400) uses a weak cipher?

    JonZgoda
    Our recent PCI Compliance scan came back failed because the RED service uses RC4-SHA. This is also one of the issues that the scanning company (Trustwave, who is used by our credit card processor, FirstData) will not allow to be overridden. If this is…
    • Answered
    • over 8 years ago
    • UTM Firewall
    • Remote Ethernet Device (RED)