Our experts keep you up-to-date on critical cyber threats (CVEs)
A vulnerability has been identified in FortiSandbox where input is insufficiently neutralised during the generation of web pages (cross-site scripting - CWE-79). This allows an undeclared attacker to execute commands via specially formatted requests.
Upgrade to a version that includes the fix:
| Version | Affected | Solution |
|---|---|---|
| FortiSandbox 5.0 | 5.0.0 to 5.0.1 | Upgrade to 5.0.2 or higher |
| FortiSandbox 4.4 | 4.4.0 to 4.4.7 | Upgrade to 4.4.8 or higher |
| FortiSandbox 4.2 | all versions | Migrate to a fixed release |
| FortiSandbox 4.0 | all versions | Migrate to a fixed release |
For FortiSandbox PaaS, the fix is available in versions 4.4.8 and 5.0.5.
Managed Services customers can rest assured: your environment is proactively monitored. The necessary updates have been or will be provided by us.
If you don't have a managed-services contract, and need questions or help to fix this issue for you. Then feel free to contact us at support@vanroey.be or tel: 014 470 605 or make here is a ticket to.
Can't create tickets? Ask here to get an account. If our Engineer needs to remotely control your PC, he or she will ask you to run this software .
Receive our newsletter including invitations to events & interesting industry news!
Receive alerts from current CVEs and tips to remedy them!
Discover the countless possibilities of SharePoint. From enhanced internal communication to more efficient document and project management...