CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16149
https://notcve.org/view.php?id=CVE-2019-16149
28 Mar 2025 — An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system. • https://fortiguard.fortinet.com/psirt/FG-IR-19-072 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-23106
https://notcve.org/view.php?id=CVE-2024-23106
14 Jan 2025 — An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-476 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 3.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36506
https://notcve.org/view.php?id=CVE-2024-36506
14 Jan 2025 — An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection. • https://fortiguard.fortinet.com/psirt/FG-IR-24-078 • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-36510
https://notcve.org/view.php?id=CVE-2024-36510
14 Jan 2025 — An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses. • https://fortiguard.fortinet.com/psirt/FG-IR-24-071 • CWE-204: Observable Response Discrepancy •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-21753
https://notcve.org/view.php?id=CVE-2024-21753
10 Sep 2024 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests Una limitación incorrecta de una ruta de acceso a un directorio restringido ("ruta de acceso") en las versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.13, 6.... • https://fortiguard.fortinet.com/psirt/FG-IR-23-362 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-31489
https://notcve.org/view.php?id=CVE-2024-31489
10 Sep 2024 — AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiClientWindows 7... • https://fortiguard.fortinet.com/psirt/FG-IR-22-282 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 0CVE-2024-33508
https://notcve.org/view.php?id=CVE-2024-33508
10 Sep 2024 — An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. Una neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando ('Inyección de comando') [CWE-77] en Fortinet FortiClientEMS 7.2.0 a 7.2.4, 7.0.0 a 7.0.12 puede permiti... • https://fortiguard.fortinet.com/psirt/FG-IR-24-123 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •