Filtered by vendor Fortinet Subscriptions
Filtered by product Fortisandbox Subscriptions

Search

Switch to Advanced Search (Beta)
Total 46 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-29013 1 Fortinet 1 Fortisandbox 2024-11-21 5.4 Medium
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.
CVE-2020-29012 1 Fortinet 1 Fortisandbox 2024-11-21 5.6 Medium
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
CVE-2020-29011 1 Fortinet 1 Fortisandbox 2024-11-21 8.8 High
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.
CVE-2020-15939 1 Fortinet 1 Fortisandbox 2024-11-21 4.3 Medium
An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.
CVE-2018-1356 1 Fortinet 1 Fortisandbox 2024-11-21 N/A
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.
CVE-2024-31490 1 Fortinet 1 Fortisandbox 2024-09-20 4.2 Medium
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests.