Skip to main content

Forticlient Endpoint Management Server

3 CVEs product

Monthly

CVE-2024-21753 MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Fortinet Forticlient Endpoint Management Server
NVD
CVSS 3.1
6.0
EPSS
0.7%
CVE-2021-41028 HIGH This Week

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Forticlient Forticlient Endpoint Management Server
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-24019 CRITICAL Act Now

An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Forticlient Endpoint Management Server
NVD
CVSS 3.1
9.8
EPSS
3.8%
EPSS 1% CVSS 6.0
MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Fortinet +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Forticlient Forticlient Endpoint Management Server
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Forticlient Endpoint Management Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy