Fortinet

Fortisandbox

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-31490

  • EPSS 0.17%
  • Veröffentlicht 10.09.2024 15:15:15
  • Zuletzt bearbeitet 20.09.2024 19:48:42

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP ge...

8.8

CVE-2024-31491

  • EPSS 0.87%
  • Veröffentlicht 14.05.2024 17:17:24
  • Zuletzt bearbeitet 02.01.2025 18:35:20

A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests.

6.5

CVE-2024-31487

  • EPSS 0.53%
  • Veröffentlicht 09.04.2024 15:15:31
  • Zuletzt bearbeitet 23.12.2024 15:05:45

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3....

8.1

CVE-2024-23671

  • EPSS 0.83%
  • Veröffentlicht 09.04.2024 15:15:31
  • Zuletzt bearbeitet 23.12.2024 15:04:06

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted...

8.8

CVE-2024-21756

  • EPSS 1.05%
  • Veröffentlicht 09.04.2024 15:15:31
  • Zuletzt bearbeitet 23.12.2024 15:02:00

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands...

8.8

CVE-2024-21755

  • EPSS 1.05%
  • Veröffentlicht 09.04.2024 15:15:30
  • Zuletzt bearbeitet 23.12.2024 14:58:10

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands...

6.7

CVE-2023-47541

  • EPSS 0.13%
  • Veröffentlicht 09.04.2024 15:15:28
  • Zuletzt bearbeitet 23.12.2024 14:57:00

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3...

6.7

CVE-2023-47540

  • EPSS 0.14%
  • Veröffentlicht 09.04.2024 15:15:27
  • Zuletzt bearbeitet 23.12.2024 14:55:53

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may all...

5.4

CVE-2023-45587

  • EPSS 0.44%
  • Veröffentlicht 13.12.2023 07:15:20
  • Zuletzt bearbeitet 21.11.2024 08:27:00

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker t...

5.4

CVE-2023-41844

  • EPSS 0.44%
  • Veröffentlicht 13.12.2023 07:15:18
  • Zuletzt bearbeitet 21.11.2024 08:21:47

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through ...