CVE-2021-26098
- EPSS 0.31%
- Veröffentlicht 04.08.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 05:55:51
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
- EPSS 0.31%
- Veröffentlicht 20.07.2021 11:15:11
- Zuletzt bearbeitet 21.11.2024 05:49:33
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration ...
CVE-2020-29014
- EPSS 0.5%
- Veröffentlicht 09.07.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 05:23:30
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orches...
CVE-2018-1356
- EPSS 0.23%
- Veröffentlicht 09.04.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:41
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.