CVSS: 4.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-32119
https://notcve.org/view.php?id=CVE-2024-32119
10 Jun 2025 — An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-375 • CWE-1390: Weak Authentication •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-23106
https://notcve.org/view.php?id=CVE-2024-23106
14 Jan 2025 — An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-476 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-21753
https://notcve.org/view.php?id=CVE-2024-21753
10 Sep 2024 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests Una limitación incorrecta de una ruta de acceso a un directorio restringido ("ruta de acceso") en las versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.13, 6.... • https://fortiguard.fortinet.com/psirt/FG-IR-23-362 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •