Loading
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
Use CWE-264, Sophos vendor hub and Web Appliance Firmware product page to widen CVE-2014-2849 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2013-4983, CVE-2013-2642 and CVE-2014-2850 for nearby disclosures in the same product family.