CVE-2024-31490

Summary

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2.2 through 3.2.4, FortiSandbox 3.1.5 allows attacker to information disclosure via HTTP get requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox4.4.0 <= 4.4.4affected
FortinetFortiSandbox4.2.1 <= 4.2.6affected
FortinetFortiSandbox4.0.0 <= 4.0.6affected
FortinetFortiSandbox3.2.2 <= 3.2.4affected
FortinetFortiSandbox3.1.5affected

Weaknesses

  • CWE-200: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References