CVE-2021-36189

CWE-3115 documents5 sources

Severity

4.9MEDIUM

EPSS

0.1%

top 74.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Enterprise Management Server Fortinet Fortinet Forticlientems

Timeline

PublishedDec 9

Latest updateDec 10

Description

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5fortinet/fortinet_forticlientemsFortiClientEMS 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

▶NVDfortinet/forticlient_enterprise_management_server6.4.0 — 6.4.4+3

Patches

Patch: fortiguard.com ↗Patch: fortiguard.com ↗

🔴Vulnerability Details

GHSA

GHSA-v99f-7jp8-w888: A missing encryption of sensitive data in Fortinet FortiClientEMS version 7↗2021-12-10

▶

CVEList

CVE-2021-36189: A missing encryption of sensitive data in Fortinet FortiClientEMS version 7↗2021-12-09

▶

📋Vendor Advisories

Fortinet

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allow...↗2021-12-09

▶

Oracle

Oracle Oracle Insurance Applications Risk Matrix: Development tools (jackson-databind) — CVE-2020-36189↗2021-10-15

▶