A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions allows attacker to information disclosure via crafted http requests.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-24-060 | Vendor Advisory |
| https://fortiguard.com/psirt/FG-IR-24-060 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Jan 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions allows attacker to information disclosure via crafted http requests. |
23 Dec 2024, 15:05
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* | |
| References | () https://fortiguard.com/psirt/FG-IR-24-060 - Vendor Advisory | |
| First Time |
Fortinet
Fortinet fortisandbox |
21 Nov 2024, 09:13
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/psirt/FG-IR-24-060 - |
09 Apr 2024, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-09 15:15
Updated : 2026-01-14 14:16
NVD link : CVE-2024-31487
Mitre link : CVE-2024-31487
CVE.ORG link : CVE-2024-31487
JSON object : View
Products Affected
fortinet
- fortisandbox
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')