Forticlient Endpoint Management Server
Monthly
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.