211 matches found
Path traversal
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...
CVE-2021-44172
Fortinet FortiClientEMS exposes environment-variable information to unauthenticated users in several versions: FortiClientEMS 7.0.0–7.0.4, 7.0.6–7.0.7, plus all 6.4 and 6.2 branches. The underlying issue is an information-disclosure vulnerability that can reveal EMS installation path and related ...
CVE-2021-44172
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...
CVE-2021-44172
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...
Fortinet FortiClientEms Information Disclosure Vulnerability
Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. A security vulnerability exists in Fortinet FortiClientEms that originates from an environment variable information leak in the login page. Affected products and versions: FortiClientEMS versions 7.0.6 through...
PT-2023-5166 · Fortinet · Forticlientems
Name of the Vulnerable Software and Affected Versions: FortiClientEMS versions 7.0.0 through 7.0.4 FortiClientEMS versions 7.0.6 through 7.0.7 FortiClientEMS versions 6.4 and earlier FortiClientEMS versions 6.2 and earlier Description: The issue is related to an exposure of sensitive information ...
CVE-2021-41028
A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an...
Design/Logic Flaw
A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an...
CVE-2021-41028
A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an...
CVE-2021-41028
CVE-2021-41028 affects Fortinet FortiClient EMS up to 7.0.1 (and 6.4.6 and below) and FortiClient components for Windows, Linux, and macOS up to 7.0.1 and 6.4.6 and below. The root causes are a hard-coded cryptographic key in FortiClientEMS and improper certificate validation in FortiClient clien...
Fortinet FortiClientEms Information Disclosure Vulnerability
Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. An information disclosure vulnerability exists in Fortinet FortiClientEms, which stems from a lack of encryption of sensitive data in FortiClientEMS. An authenticated attacker could view sensitive information i...
CVE-2021-36189
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...
CVE-2021-36189
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...
CVE-2021-36189
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...
Information disclosure
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...
CVE-2021-36189
CVE-2021-36189 affects Fortinet FortiClient EMS, with vulnerable components in FortiClientEMS v7.0.1 and earlier and v6.4.4 and earlier. Root cause is missing encryption of sensitive data, enabling information disclosure when an attacker inspects browser-decrypted data via developer tools. Public...
CVE-2021-36189
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...
CVE-2021-36189
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...
Fortinet FortiClientEms 信息泄露漏洞
Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. An information disclosure vulnerability exists in Fortinet FortiClientEms, which stems from a lack of encryption of sensitive data in FortiClientEMS. An authenticated attacker could view sensitive information i...
FortiClientEMS - Sensitive information leak
A missing encryption of sensitive data vulnerability CWE-311 in FortiClientEMS may allow an authenticated attacker to view sensitive information in clear text via any browser development tools...