Fortinet

Fortisandbox

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-53679

  • EPSS 0.17%
  • Veröffentlicht 09.12.2025 17:19:51
  • Zuletzt bearbeitet 09.12.2025 20:26:08

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote privileged attacker to execute unauthorized...

6.1

CVE-2025-54353

  • EPSS 0.05%
  • Veröffentlicht 09.12.2025 17:19:49
  • Zuletzt bearbeitet 09.12.2025 20:10:23

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4...

8.8

CVE-2025-53949

  • EPSS 0.07%
  • Veröffentlicht 09.12.2025 17:19:24
  • Zuletzt bearbeitet 09.12.2025 20:12:27

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSan...

5.3

CVE-2025-46215

  • EPSS 0.05%
  • Veröffentlicht 18.11.2025 17:01:21
  • Zuletzt bearbeitet 20.11.2025 14:38:52

An Improper Isolation or Compartmentalization vulnerability [CWE-653] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker t...

6.7

CVE-2024-27779

  • EPSS 0.09%
  • Veröffentlicht 18.07.2025 07:58:23
  • Zuletzt bearbeitet 22.07.2025 17:07:27

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, ...

8.8

CVE-2021-26105

  • EPSS 0.07%
  • Veröffentlicht 24.03.2025 15:27:56
  • Zuletzt bearbeitet 24.07.2025 19:18:02

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically cra...

4.4

CVE-2024-54027

  • EPSS 0.03%
  • Veröffentlicht 17.03.2025 13:05:31
  • Zuletzt bearbeitet 24.07.2025 20:17:55

A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged a...

8.8

CVE-2024-54026

  • EPSS 0.04%
  • Veröffentlicht 11.03.2025 14:54:38
  • Zuletzt bearbeitet 24.07.2025 18:46:17

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and...

7.2

CVE-2024-54018

  • EPSS 0.13%
  • Veröffentlicht 11.03.2025 14:54:37
  • Zuletzt bearbeitet 23.07.2025 15:37:06

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests.

8.8

CVE-2024-52960

  • EPSS 0.11%
  • Veröffentlicht 11.03.2025 14:54:35
  • Zuletzt bearbeitet 24.07.2025 18:39:01

A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized command...