Fortinet Forticlientems vulnerabilities

5 known vulnerabilities affecting fortinet/fortinet_forticlientems.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL2MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2021-36189MEDIUMCVSS 4.9vFortiClientEMS 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.02021-12-09

CVE-2021-36189 [MEDIUM] CWE-311 CVE-2021-36189: A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6 A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data

CVE-2021-41030CRITICALCVSS 9.1vFortiClientEMS 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.02021-12-08

CVE-2021-41030 [MEDIUM] CWE-294 CVE-2021-41030: An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.

CVE-2020-15940MEDIUMCVSS 5.4vFortiClientEMS 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.02021-11-02

CVE-2020-15940 [MEDIUM] CWE-79 CVE-2020-15940: An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and belo An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.

CVE-2021-24019CRITICALCVSS 9.8vFortiClientEMS 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.02021-10-06

CVE-2021-24019 [HIGH] CWE-613 CVE-2021-24019: An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and bel An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)

CVE-2020-15941MEDIUMCVSS 5.4vFortiClientEMS 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.02021-10-06

CVE-2020-15941 [MEDIUM] CWE-22 CVE-2020-15941: A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.