
Fortinet FortiClientEMS vulnerabilities

26 known vulnerabilities affecting fortinet/forticlientems.

Total CVEs: 26
CISA KEV: 3 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 8, MEDIUM 14

Vulnerabilities

Page 2 of 2
CVE-2021-41028 HIGH CVSS 8.2 2021-12-16
CWE-295, FG-IR-21-075: A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWi
fortinet
CVE-2021-36189 MEDIUM CVSS 6.8 2021-12-09
CWE-311, FG-IR-21-140: A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data CVEs: CVE
fortinet
CVE-2021-32592 HIGH CVSS 7.8 2021-12-01
CWE-427, FG-IR-21-088: An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on
fortinet
CVE-2020-15940 MEDIUM CVSS 4.1 2021-11-02
CWE-79, FG-IR-20-067: An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the na
fortinet
CVE-2021-24019 HIGH CVSS 8.1 2021-10-06
CWE-613, FG-IR-20-072: An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privile
fortinet
CVE-2020-15941 MEDIUM CVSS 5.4 2021-10-06
CWE-22, FG-IR-20-074: A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the fi
fortinet