FortiSandbox Path Traversal Vulnerability Could Lead to Information Disclosure
CVE-2024-31487
6.5MEDIUM
What is CVE-2024-31487?
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests.
Affected Version(s)
FortiSandbox 4.4.0 <= 4.4.4
FortiSandbox 4.2.0 <= 4.2.6
FortiSandbox 4.0.0 <= 4.0.5