Fortinet Discovers Box.com Denial of Service Vulnerability
Fortinet's FortiGuard Labs has discovered a denial of service vulnerability in Box.com.
Box is an enterprise content management platform that solves simple and complex challenges, from sharing and accessing files on mobile devices to sophisticated business processes like data governance and retention. More than 41 million users and 74,000 businesses, including 59% of the Fortune 500, trust Box to manage content in the cloud.
The vulnerability exists in the Box.com Notes function. Because the "add image" function doesn't correctly process user-supplied data, an error is triggered and the targeted Note can no longer be accessed.
Box.com has patched it. No further action is needed.
Fortinet reported the vulnerability to Box.com on March 16, 2018.
Box.com confirmed the vulnerability on March 18, 2018.
Box.com patched the vulnerability on March 18, 2018.
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.