Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortisandbox vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-41843
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 up to and including 4.2.5 and 4.0.0 up to and including 4.0.3 allows malicious user to execute unauthorized code or commands...
Fortinet Fortisandbox
Fortinet Fortisandbox 2.4.1
NA
CVE-2022-27485
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 up to and including 4.0.2, 3.2.0 up to and including 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated atta...
Fortinet Fortisandbox
Fortinet Fortisandbox 4.2.0
7.8
CVSSv2
CVE-2021-22124
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 up to and including 3.2.2, 3.1.0 up to and including 3.1.4, and 3.0.0 up to and including 3.0.6; and FortiAuthenticator prior to 6.0.6 may allow an unauthenticated ma...
Fortinet Fortiauthenticator
Fortinet Fortisandbox
4
CVSSv2
CVE-2020-15939
An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged malicious user to download the device configuration file via the recovery URL.
Fortinet Fortisandbox
4.3
CVSSv2
CVE-2018-1356
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox prior to 3.0 may allow an malicious user to execute unauthorized code or commands via the back_url parameter in the file scan component.
Fortinet Fortisandbox
6.5
CVSSv2
CVE-2020-29011
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 up to and including 3.2.2, and 3.1.0 up to and including 3.1.4 may allow an authenticated malicious user to execute unauthorized code on the underlying SQL interpret...
Fortinet Fortisandbox
5
CVSSv2
CVE-2020-29012
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an malicious user to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session I...
Fortinet Fortisandbox
6.3
CVSSv2
CVE-2020-29014
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox prior to 3.2.2 may allow an authenticated malicious user to bring the system into an unresponsive state via specifically orchestrated seque...
Fortinet Fortisandbox
4
CVSSv2
CVE-2021-24010
Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 up to and including 3.2.2, and 3.1.0 up to and including 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.
Fortinet Fortisandbox
4.3
CVSSv2
CVE-2021-24014
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox prior to 4.0.0 may allow an unauthenticated malicious user to perform an XSS attack via specifically crafted request parameters.
Fortinet Fortisandbox
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »