PSIRT Advisories
FortiSandbox - Multiple path traversals
Summary
Improper limitation of a pathname to a restricted directory (CWE-22) vulnerabilities in FortiSandbox may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.c
Affected Products
FortiSandbox 3.2.2 and below.
FortiSandbox 3.1.4 and below.
Solutions
Please upgrade to FortiSandbox version 4.0.0 or above
Please upgrade to FortiSandbox version 3.2.3 or above
Please upgrade to FortiSandbox version 3.1.5 or above