fortinet fortisandbox vulnerabilities and exploits
6.3
CVSSv2
CVE-2020-29014
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox prior to 3.2.2 may allow an authenticated malicious user to bring the system into an unresponsive state via specifically orchestrated seque...
Fortinet Fortisandbox
4
CVSSv2
CVE-2021-24010
Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 up to and including 3.2.2, and 3.1.0 up to and including 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.
Fortinet Fortisandbox
4
CVSSv2
CVE-2020-15939
An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged malicious user to download the device configuration file via the recovery URL.
Fortinet Fortisandbox
4.3
CVSSv2
CVE-2021-24014
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox prior to 4.0.0 may allow an unauthenticated malicious user to perform an XSS attack via specifically crafted request parameters.
Fortinet Fortisandbox
4.3
CVSSv2
CVE-2018-1356
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox prior to 3.0 may allow a malicious user to execute unauthorized code or commands via the back_url parameter in the file scan component.
Fortinet Fortisandbox
2.6
CVSSv2
CVE-2021-32591
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox prior to 4.0.1, FortiWeb prior to 6.3.12, FortiADC prior to 6.2.1, FortiMail 7.0.1 and previous versions may allow an attacker in possession of the pa...
Fortinet Fortimail
Fortinet Fortisandbox
Fortinet Fortiadc
Fortinet Fortiweb 5.9.0
Fortinet Fortiweb 5.9.1
Fortinet Fortiweb
Fortinet Fortimail 7.0.1
Fortinet Fortiadc 6.2.0
Fortinet Fortisandbox 4.0.0
Fortinet Fortiadc 6.2.1
Fortinet Fortimail 7.0.0
5.8
CVSSv2
CVE-2016-8495
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 up to and including 5.2.7 and 5.4.0 up to and including 5.4.1 allows a remote malicious user to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing fea...
Fortinet Fortimanager Firmware 5.2.7
Fortinet Fortimanager Firmware 5.0.11
Fortinet Fortimanager Firmware 5.0.3
Fortinet Fortimanager Firmware 5.0.10
Fortinet Fortimanager Firmware 5.2.2
Fortinet Fortimanager Firmware 5.2.3
Fortinet Fortimanager Firmware 5.0.4
Fortinet Fortimanager Firmware 5.0.5
Fortinet Fortimanager Firmware 5.2.1
Fortinet Fortimanager Firmware 5.2.0
Fortinet Fortimanager Firmware 5.0.8
Fortinet Fortimanager Firmware 5.0.9
Fortinet Fortimanager Firmware 5.2.4
Fortinet Fortimanager Firmware 5.2.6
Fortinet Fortimanager Firmware 5.0.6
Fortinet Fortimanager Firmware 5.0.7
Fortinet Fortimanager Firmware 5.4.1
Fortinet Fortimanager Firmware 5.4.0
4.3
CVSSv2
CVE-2015-7360
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox prior to 2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport pa...
Fortinet Fortisandbox Firmware
NA
CVE-2024-31491
A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 up to and including 4.4.4 and 4.2.0 up to and including 4.2.6 allows a malicious user to execute unauthorized code or commands via HTTP requests.
NA
CVE-2024-23671
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 up to and including 4.4.3 and 4.2.0 up to and including 4.2.6 and 4.0.0 up to and including 4.0.4 allows a malicious user to execute unauthorized code o...