diff --git a/http/cves/2022/CVE-2022-3980.yaml b/http/cves/2022/CVE-2022-3980.yaml
index 274c7819b4..f67674e0fe 100644
--- a/http/cves/2022/CVE-2022-3980.yaml
+++ b/http/cves/2022/CVE-2022-3980.yaml
@@ -5,7 +5,7 @@ info:
   author: dabla
   severity: critical
   description: |
-    An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
+    An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
   reference:
     - https://www.sophos.com/en-us/security-advisories/sophos-sa-20221116-smc-xee
     - https://nvd.nist.gov/vuln/detail/CVE-2022-3980
@@ -38,7 +38,7 @@ http:
     matchers:
       - type: dsl
         dsl:
-          - contains(interactsh_protocol, 'http')
-          - status_code == 400
-          - contains_all(to_lower(interactsh_request), 'user-agent','java')
-        condition: and
\ No newline at end of file
+          - "contains(interactsh_protocol, 'http') || contains(interactsh_protocol, 'dns')"
+          - "status_code == 400"
+          - "len(body) == 0"
+        condition: and