VYPR

FortiClientEMS

by Fortinet

CVEs (27)

  • CVE-2021-44172 (Sep 13, 2023)
    risk 0.00 cvss epss 0.01

    An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment…

  • CVE-2021-41028 (Dec 16, 2021)
    risk 0.00 cvss epss 0.00

    A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and…

  • CVE-2021-36189 (Dec 9, 2021)
    risk 0.00 cvss epss 0.00

    A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows an attacker to cause information disclosure by inspecting browser-decrypted data.

  • CVE-2021-41030 (Dec 8, 2021)
    risk 0.00 cvss epss 0.01

    An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.

  • CVE-2021-32592 (Dec 1, 2021)
    risk 0.00 cvss epss 0.00

    An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search…

  • CVE-2020-15940 (Nov 2, 2021)
    risk 0.00 cvss epss 0.01

    An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.

  • CVE-2020-15941 (Oct 6, 2021)
    risk 0.00 cvss epss 0.01

    A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
