Vulmon
fortinet fortisandbox vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-41843
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 up to and including 4.2.5 and 4.0.0 up to and including 4.0.3 allows a malicious user to execute unauthorized code or commands...
Fortinet Fortisandbox
Fortinet Fortisandbox 2.4.1
6.5
CVSSv3
CVE-2022-27485
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 up to and including 4.0.2, 3.2.0 up to and including 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated atta...
Fortinet Fortisandbox
Fortinet Fortisandbox 4.2.0
7.5
CVSSv3
CVE-2021-22124
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 up to and including 3.2.2, 3.1.0 up to and including 3.1.4, and 3.0.0 up to and including 3.0.6; and FortiAuthenticator prior to 6.0.6 may allow an unauthenticated ma...
Fortinet Fortisandbox
Fortinet Fortiauthenticator
5.3
CVSSv3
CVE-2021-32591
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox prior to 4.0.1, FortiWeb prior to 6.3.12, FortiADC prior to 6.2.1, FortiMail 7.0.1 and previous versions may allow an attacker in possession of the pa...
Fortinet Fortimail
Fortinet Fortisandbox
Fortinet Fortiadc
Fortinet Fortiweb 5.9.0
Fortinet Fortiweb 5.9.1
Fortinet Fortiweb
Fortinet Fortimail 7.0.1
Fortinet Fortiadc 6.2.0
Fortinet Fortisandbox 4.0.0
Fortinet Fortiadc 6.2.1
Fortinet Fortimail 7.0.0
8.8
CVSSv3
CVE-2022-27487
An improper privilege management in Fortinet FortiSandbox version 4.2.0 up to and including 4.2.2, 4.0.0 up to and including 4.0.2 and prior to 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 up to and including 4.0.2 and prior to 3.3.3 allows a remote authenticated malicious user to...
Fortinet Fortideceptor 4.1.0
Fortinet Fortideceptor
Fortinet Fortisandbox
4.3
CVSSv3
CVE-2020-15939
An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged malicious user to download the device configuration file via the recovery URL.
Fortinet Fortisandbox
6.1
CVSSv3
CVE-2021-24014
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox prior to 4.0.0 may allow an unauthenticated malicious user to perform an XSS attack via specifically crafted request parameters.
Fortinet Fortisandbox
8.8
CVSSv3
CVE-2021-26096
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox prior to 4.0.0 may allow an authenticated malicious user to manipulate memory and alter its content by means of specifically crafted command line arguments.
Fortinet Fortisandbox
8.8
CVSSv3
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 up to and including 3.2.2, 3.1.0 up to and including 3.1.4, and 3.0.0 up to and including 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unaut...
Fortinet Fortisandbox
7.5
CVSSv3
CVE-2021-26098
An instance of small space of random values in the RPC API of FortiSandbox prior to 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
Fortinet Fortisandbox