CVE-2024-31490

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-24-051 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:3.1.5:*:*:*:*:*:*:*

History

20 Sep 2024, 19:48

Type Values Removed Values Added
Summary
  • (es) Una exposición de información confidencial a un actor no autorizado en Fortinet FortiSandbox versión 4.4.0 a 4.4.4 y 4.2.0 a 4.2.6 y 4.0.0 a 4.0.5 y 3.2.2 a 3.2.4 y 3.1.5 permite a un atacante divulgar información a través de solicitudes de obtención HTTP.
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:fortinet:fortisandbox:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://fortiguard.com/psirt/FG-IR-24-051 - () https://fortiguard.com/psirt/FG-IR-24-051 - Vendor Advisory
First Time Fortinet
Fortinet fortisandbox

10 Sep 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-10 15:15

Updated : 2024-09-20 19:48


NVD link : CVE-2024-31490

Mitre link : CVE-2024-31490

CVE.ORG link : CVE-2024-31490


JSON object : View

Products Affected

fortinet

  • fortisandbox
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor