Skip to main content

Forticlient Enterprise Management Server

4 CVEs product

Monthly

CVE-2024-33508 HIGH This Week

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Forticlient Enterprise Management Server
NVD
CVSS 3.1
7.3
EPSS
1.3%
CVE-2021-36189 MEDIUM PATCH This Month

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Fortinet Information Disclosure Forticlient Enterprise Management Server
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2021-41030 CRITICAL PATCH Act Now

An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Authentication Bypass Forticlient Enterprise Management Server
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-32592 HIGH This Week

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Forticlient Forticlient Enterprise Management Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 1% CVSS 7.3
HIGH This Week

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Forticlient Enterprise Management Server
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Fortinet Information Disclosure Forticlient Enterprise Management Server
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Authentication Bypass Forticlient Enterprise Management Server
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Forticlient +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy