2 matches found
CVE-2020-29012
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID via other, hypothetic...
CVE-2020-29012
FortiSandbox (versions 3.2.1 and earlier) is affected by an insufficient session expiration vulnerability. The root issue is that admin session IDs may not expire after logout, potentially enabling an attacker who obtains an unexpired admin session ID to access information about other users on th...