Fortinet FortiClient Endpoint Management Server (EMS) 6.2.0

CPE Details

Fortinet FortiClient Endpoint Management Server (EMS) 6.2.0
fortinet
forticlient_endpoint_management_server
6.2.0
2021-10-08
12h35 +00:00
2021-10-08
12h53 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:fortinet:forticlient_endpoint_management_server:6.2.0:*:*:*:*:*:*:*

Informations

Vendor

fortinet

Product

forticlient_endpoint_management_server

Version

6.2.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-21753 2024-09-10 14h37 +00:00 A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests
6
Moyen
CVE-2023-47534 2024-03-12 15h09 +00:00 A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets.
9.6
Critique
CVE-2021-44172 2023-09-13 12h30 +00:00 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.
5.3
Moyen
CVE-2021-41028 2021-12-16 17h13 +00:00 A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
8.2
Haute
CVE-2021-24019 2021-10-06 07h41 +00:00 An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
9.8
Critique
CVE-2020-15941 2021-10-06 07h27 +00:00 A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
5.4
Moyen