Fortinet

Fortisandbox

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.8

CVE-2025-67685

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 13.01.2026 16:32:29
  • Zuletzt bearbeitet 14.01.2026 21:38:01

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker t...

7.2

CVE-2025-53679

  • EPSS 0.26%
  • Veröffentlicht 09.12.2025 17:19:51
  • Zuletzt bearbeitet 14.01.2026 13:16:09

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSan...

6.1

CVE-2025-54353

  • EPSS 0.07%
  • Veröffentlicht 09.12.2025 17:19:49
  • Zuletzt bearbeitet 09.12.2025 20:10:23

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4...

8.8

CVE-2025-53949

  • EPSS 0.1%
  • Veröffentlicht 09.12.2025 17:19:24
  • Zuletzt bearbeitet 09.12.2025 20:12:27

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSan...

5.3

CVE-2025-46215

  • EPSS 0.08%
  • Veröffentlicht 18.11.2025 17:01:21
  • Zuletzt bearbeitet 20.11.2025 14:38:52

An Improper Isolation or Compartmentalization vulnerability [CWE-653] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker t...

6.7

CVE-2024-27779

  • EPSS 0.1%
  • Veröffentlicht 18.07.2025 07:58:23
  • Zuletzt bearbeitet 22.07.2025 17:07:27

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, ...

8.8

CVE-2021-26105

  • EPSS 0.2%
  • Veröffentlicht 24.03.2025 15:27:56
  • Zuletzt bearbeitet 24.07.2025 19:18:02

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically cra...

4.4

CVE-2024-54027

  • EPSS 0.03%
  • Veröffentlicht 17.03.2025 13:05:31
  • Zuletzt bearbeitet 24.07.2025 20:17:55

A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged a...

8.8

CVE-2024-54026

  • EPSS 0.05%
  • Veröffentlicht 11.03.2025 14:54:38
  • Zuletzt bearbeitet 14.01.2026 15:15:55

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all ve...

7.2

CVE-2024-54018

  • EPSS 0.16%
  • Veröffentlicht 11.03.2025 14:54:37
  • Zuletzt bearbeitet 23.07.2025 15:37:06

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests.