{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T09:39:34.459","vulnerabilities":[{"cve":{"id":"CVE-2024-12727","sourceIdentifier":"security-alert@sophos.com","published":"2024-12-19T21:15:07.740","lastModified":"2025-11-12T19:27:32.093","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode."},{"lang":"es","value":"Una vulnerabilidad de inyección SQL previa a la autenticación en la función de protección de correo electrónico de las versiones de Sophos Firewall anteriores a 21.0 MR1 (21.0.1) permite el acceso a la base de datos de informes y puede provocar la ejecución remota de código si se habilita una configuración específica de Secure PDF eXchange (SPX) en combinación con el firewall ejecutándose en modo de alta disponibilidad (HA)."}],"metrics":{"cvssMetricV31":[{"source":"security-alert@sophos.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-alert@sophos.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sophos:firewall_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"21.0.1","matchCriteriaId":"2F61096C-54B8-491E-963C-4461F0657EE8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sophos:firewall:-:*:*:*:*:*:*:*","matchCriteriaId":"2F728103-324C-4F34-9EE6-6E922018A2EB"}]}]}],"references":[{"url":"https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce","source":"security-alert@sophos.com","tags":["Patch","Vendor Advisory"]}]}}]}