
CVE-2024-54027
https://notcve.org/view.php?id=CVE-2024-54027
17 Mar 2025 — A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI. • https://fortiguard.fortinet.com/psirt/FG-IR-24-327 • CWE-321: Use of Hard-coded Cryptographic Key •

CVE-2024-54026
https://notcve.org/view.php?id=CVE-2024-54026
11 Mar 2025 — An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-353 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-54018
https://notcve.org/view.php?id=CVE-2024-54018
11 Mar 2025 — Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allow a privileged attacker to execute unauthorized commands via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-110 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-52960
https://notcve.org/view.php?id=CVE-2024-52960
11 Mar 2025 — A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-305 • CWE-602: Client-Side Enforcement of Server-Side Security •

CVE-2024-52961
https://notcve.org/view.php?id=CVE-2024-52961
11 Mar 2025 — An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-306 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-27781
https://notcve.org/view.php?id=CVE-2024-27781
11 Feb 2025 — An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-063 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-27778
https://notcve.org/view.php?id=CVE-2024-27778
14 Jan 2025 — An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-061 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-31490
https://notcve.org/view.php?id=CVE-2024-31490
10 Sep 2024 — An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows information disclosure by an attacker via HTTP GET requests. • https://fortiguard.com/psirt/FG-IR-24-051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-21755
https://notcve.org/view.php?id=CVE-2024-21755
09 Apr 2024 — An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests. • https://fortiguard.com/psirt/FG-IR-23-489 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-21756
https://notcve.org/view.php?id=CVE-2024-21756
09 Apr 2024 — An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests. • https://fortiguard.com/psirt/FG-IR-23-489 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •