Vulnerabilities > Fortinet > Fortisandbox > 3.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2022-26115 | Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortisandbox A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. | 7.5 |
| 2022-12-06 | CVE-2022-30305 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortideceptor and Fortisandbox An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. | 7.5 |
| 2021-08-04 | CVE-2021-24014 | Cross-site Scripting vulnerability in Fortinet Fortisandbox Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters. | 4.3 |
| 2021-08-04 | CVE-2021-26096 | Out-of-bounds Write vulnerability in Fortinet Fortisandbox Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments. | 6.5 |
| 2021-08-04 | CVE-2021-26097 | OS Command Injection vulnerability in Fortinet Fortisandbox An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. | 6.5 |
| 2021-08-04 | CVE-2021-24010 | Path Traversal vulnerability in Fortinet Fortisandbox Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests. | 4.0 |
| 2021-08-04 | CVE-2021-26098 | Use of Insufficiently Random Values vulnerability in Fortinet Fortisandbox An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs. | 5.0 |