CVE-2024-31490

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-24-051 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:3.1.5:*:*:*:*:*:*:*

History

20 Sep 2024, 19:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 6.5
References () https://fortiguard.com/psirt/FG-IR-24-051 - () https://fortiguard.com/psirt/FG-IR-24-051 - Vendor Advisory
CPE cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:3.1.5:*:*:*:*:*:*:*
First Time Fortinet
Fortinet fortisandbox
Summary
  • (es) Una exposición de información confidencial a un actor no autorizado en Fortinet FortiSandbox versión 4.4.0 a 4.4.4 y 4.2.0 a 4.2.6 y 4.0.0 a 4.0.5 y 3.2.2 a 3.2.4 y 3.1.5 permite a un atacante divulgar información a través de solicitudes de obtención HTTP.
CWE NVD-CWE-noinfo

10 Sep 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-10 15:15

Updated : 2024-09-20 19:48


NVD link : CVE-2024-31490

Mitre link : CVE-2024-31490

CVE.ORG link : CVE-2024-31490


JSON object : View

Products Affected

fortinet

  • fortisandbox
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor