Page 4 of 19 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. • https://fortiguard.com/psirt/FG-IR-22-060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. • https://fortiguard.com/psirt/FG-IR-22-056 • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. • https://fortiguard.com/psirt/FG-IR-20-220 • CWE-916: Use of Password Hash With Insufficient Computational Effort •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. Una vulnerabilidad de registro insuficiente [CWE-778] en las versiones 4.0.0 a 4.0.2, 3.2.0 a 3.2.3 y 3.1.0 a 3.1.5 de FortiSandbox y las versiones 4.2.0, 4.1.0 a 4.1.1 de FortiDeceptor. 4.0.0 a 4.0.2, 3.3.0 a 3.3.3, 3.2.0 a 3.2.2, 3.1.0 a 3.1.1 y 3.0.0 a 3.0.2 pueden permitir que un atacante remoto ingrese repetidamente credenciales incorrectas sin generar una entrada de registro y sin límite en el número de intentos fallidos de autenticación. • https://fortiguard.com/psirt/FG-IR-21-170 • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-778: Insufficient Logging •