CVE-2024-31490

Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 3.1.5 through 3.2.4 and 4.0.0 through 4.4.4

Description: The issue allows an attacker to disclose sensitive information via HTTP GET requests due to insufficient protection of service data. This can be exploited by a remote attacker to gain unauthorized access to protected information by sending specially crafted HTTP GET requests.

Recommendations: For Fortinet FortiSandbox versions 3.1.5 through 3.2.4, update to a version that fixes the issue. For Fortinet FortiSandbox versions 4.0.0 through 4.4.4, update to a version that fixes the issue. As a temporary workaround, consider restricting access to the HTTP GET requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.