Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29012 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 5.0 MEDIUM | 5.6 MEDIUM |
| An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | |||||
| CVE-2020-29011 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests. | |||||
| CVE-2020-15939 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. | |||||
| CVE-2018-1356 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component. | |||||
| CVE-2024-31490 | 1 Fortinet | 1 Fortisandbox | 2024-09-20 | N/A | 4.3 MEDIUM |
| An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests. | |||||