Lucene search
K

210 matches found

Vulnrichment
Vulnrichment
added 2025/03/28 9:7 a.m.7 views

CVE-2019-16149

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...

5.5CVSS6AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 9:7 a.m.9 views

CVE-2019-16149

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...

5.5CVSS0.00269EPSS
Exploits0References1
CNVD
CNVD
added 2025/01/23 12:0 a.m.9 views

Fortinet FortiClientEMS Input Validation Error Vulnerability

Fortinet FortiClientEMS is part of Fortinet's Endpoint Management solution from Fortinet, a U.S.-based company, and is designed to help organizations effectively manage endpoint devices in their networks and provide monitoring and control of endpoint security. An input validation error...

5.3CVSS6.9AI score0.00487EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 2:15 p.m.3 views

CVE-2024-36510

An observable response discrepancy vulnerability CWE-204 in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid use...

5.3CVSS5.8AI score0.00701EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 2:15 p.m.5 views

CVE-2024-36506

An improper verification of source of a communication channel vulnerability CWE-940 in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection...

5.3CVSS5.8AI score0.00487EPSS
Exploits0References1
NVD
NVD
added 2025/01/14 2:15 p.m.13 views

CVE-2024-36506

An improper verification of source of a communication channel vulnerability CWE-940 in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection...

5.3CVSS0.00487EPSS
Exploits0References1
NVD
NVD
added 2025/01/14 2:15 p.m.10 views

CVE-2024-36510

An observable response discrepancy vulnerability CWE-204 in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid use...

5.3CVSS0.00701EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 2:15 p.m.4 views

CVE-2024-23106

An improper restriction of excessive authentication attempts CWE-307 in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests...

9.8CVSS5.8AI score0.00925EPSS
Exploits0References1
NVD
NVD
added 2025/01/14 2:15 p.m.6 views

CVE-2024-23106

An improper restriction of excessive authentication attempts CWE-307 in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests...

9.8CVSS0.00925EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/14 2:10 p.m.9 views

CVE-2024-23106

An improper restriction of excessive authentication attempts CWE-307 in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests...

8.1CVSS0.00925EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/14 2:10 p.m.5 views

CVE-2024-23106

An improper restriction of excessive authentication attempts CWE-307 in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests...

8.1CVSS7.2AI score0.00925EPSS
Exploits0References1
CVE
CVE
added 2025/01/14 2:10 p.m.59 views

CVE-2024-23106

CVE-2024-23106 affects FortiClientEMS: vulnerable in FortiClientEMS versions 7.2.0–7.2.4 and earlier than 7.0.10 due to an improper restriction of excessive authentication attempts. This allows an unauthenticated attacker to attempt brute-force access to the FortiClientEMS console via crafted HTT...

9.8CVSS8.2AI score0.00925EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/14 2:9 p.m.10 views

CVE-2024-36506

An improper verification of source of a communication channel vulnerability CWE-940 in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection...

3.7CVSS0.00487EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/14 2:9 p.m.9 views

CVE-2024-36506

An improper verification of source of a communication channel vulnerability CWE-940 in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection...

3.7CVSS4.3AI score0.00487EPSS
Exploits0References1
CVE
CVE
added 2025/01/14 2:9 p.m.45 views

CVE-2024-36506

CVE-2024-36506 denotes an improper verification of the source of a communication channel (CWE-940) in FortiClientEMS. Affected products/versions per the provided documents include FortiClientEMS 6.4.0 through 7.0.x, 7.2.0 through 7.2.4, and 7.4.0. The issue may allow a remote attacker to bypass t...

5.3CVSS4.2AI score0.00487EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/01/14 2:9 p.m.13 views

CVE-2024-36510

An observable response discrepancy vulnerability CWE-204 in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid use...

5.3CVSS0.00701EPSS
Exploits0References1
CVE
CVE
added 2025/01/14 2:9 p.m.56 views

CVE-2024-36510

CVE-2024-36510 affects Fortinet FortiClientEMS and FortiSOAR. The issue is an observable response discrepancy (CWE-204) that could allow an unauthenticated attacker to enumerate valid users by observing login request responses. Affected: FortiClientEMS versions 7.0 all versions and 7.2.0–7.2.4, 7...

5.3CVSS5.3AI score0.00701EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/01/14 2:9 p.m.11 views

CVE-2024-36510

An observable response discrepancy vulnerability CWE-204 in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid use...

5.3CVSS5.3AI score0.00701EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.4 views

Fortinet FortiClientEMS 安全漏洞

Fortinet FortiClientEMS is part of Fortinet's Endpoint Management solution from Fortinet, Inc. and is designed to help organizations efficiently manage endpoint devices in their networks and provide monitoring and control of endpoint security. A security vulnerability exists in Fortinet...

9.8CVSS6.8AI score0.00925EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.18 views

PT-2025-2455 · Fortinet · Fortisoar +1

Name of the Vulnerable Software and Affected Versions: FortiClientEMS versions 7.0 through 7.4.0 FortiClientEMS version 7.2.0 through 7.2.4 FortiSOAR versions 6.4 through 7.5.0 FortiSOAR version 7.2.0 through 7.3.2 FortiSOAR version 7.4.0 through 7.4.4 Description: An observable response...

5.3CVSS7.4AI score0.00701EPSS
Exploits0References4
Rows per page
Query Builder