Lucene search
+L

211 matches found

Prion
Prion
added 2023/09/13 1:15 p.m.21 views

Path traversal

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...

5CVSS5.4AI score0.00704EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/09/13 12:30 p.m.63 views

CVE-2021-44172

Fortinet FortiClientEMS exposes environment-variable information to unauthenticated users in several versions: FortiClientEMS 7.0.0–7.0.4, 7.0.6–7.0.7, plus all 6.4 and 6.2 branches. The underlying issue is an information-disclosure vulnerability that can reveal EMS installation path and related ...

5.3CVSS5.4AI score0.00704EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/13 12:30 p.m.16 views

CVE-2021-44172

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...

4.3CVSS6.8AI score0.00704EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/13 12:30 p.m.29 views

CVE-2021-44172

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...

4.3CVSS5.7AI score0.00704EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/09/13 12:0 a.m.5 views

Fortinet FortiClientEms Information Disclosure Vulnerability

Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. A security vulnerability exists in Fortinet FortiClientEms that originates from an environment variable information leak in the login page. Affected products and versions: FortiClientEMS versions 7.0.6 through...

5.3CVSS6.6AI score0.00704EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.9 views

PT-2023-5166 · Fortinet · Forticlientems

Name of the Vulnerable Software and Affected Versions: FortiClientEMS versions 7.0.0 through 7.0.4 FortiClientEMS versions 7.0.6 through 7.0.7 FortiClientEMS versions 6.4 and earlier FortiClientEMS versions 6.2 and earlier Description: The issue is related to an exposure of sensitive information ...

5.3CVSS5.3AI score0.00704EPSS
Exploits0References6
NVD
NVD
added 2021/12/16 7:15 p.m.16 views

CVE-2021-41028

A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an...

8.2CVSS0.00213EPSS
Exploits0References1
Prion
Prion
added 2021/12/16 7:15 p.m.33 views

Design/Logic Flaw

A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an...

5.4CVSS7.5AI score0.00213EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2021/12/16 6:13 p.m.13 views

CVE-2021-41028

A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an...

8.2CVSS6.8AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2021/12/16 6:13 p.m.72 views

CVE-2021-41028

CVE-2021-41028 affects Fortinet FortiClient EMS up to 7.0.1 (and 6.4.6 and below) and FortiClient components for Windows, Linux, and macOS up to 7.0.1 and 6.4.6 and below. The root causes are a hard-coded cryptographic key in FortiClientEMS and improper certificate validation in FortiClient clien...

8.2CVSS7.4AI score0.00213EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2021/12/12 12:0 a.m.29 views

Fortinet FortiClientEms Information Disclosure Vulnerability

Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. An information disclosure vulnerability exists in Fortinet FortiClientEms, which stems from a lack of encryption of sensitive data in FortiClientEMS. An authenticated attacker could view sensitive information i...

6.8CVSS1.3AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2021/12/09 9:15 a.m.23 views

CVE-2021-36189

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...

6.8CVSS0.00392EPSS
Exploits0References1
OSV
OSV
added 2021/12/09 9:15 a.m.4 views

CVE-2021-36189

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...

4.9CVSS5.8AI score0.00392EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/09 9:15 a.m.2 views

CVE-2021-36189

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...

6.8CVSS5.9AI score0.00392EPSS
Exploits0References2
Prion
Prion
added 2021/12/09 9:15 a.m.17 views

Information disclosure

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...

4CVSS4.9AI score0.00392EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/12/09 9:10 a.m.41 views

CVE-2021-36189

CVE-2021-36189 affects Fortinet FortiClient EMS, with vulnerable components in FortiClientEMS v7.0.1 and earlier and v6.4.4 and earlier. Root cause is missing encryption of sensitive data, enabling information disclosure when an attacker inspects browser-decrypted data via developer tools. Public...

6.8CVSS4.8AI score0.00392EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2021/12/09 9:10 a.m.18 views

CVE-2021-36189

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...

6.8CVSS6.3AI score0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/12/09 9:10 a.m.24 views

CVE-2021-36189

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data...

6.8CVSS6.5AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/09 12:0 a.m.7 views

Fortinet FortiClientEms 信息泄露漏洞

Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. An information disclosure vulnerability exists in Fortinet FortiClientEms, which stems from a lack of encryption of sensitive data in FortiClientEMS. An authenticated attacker could view sensitive information i...

6.8CVSS5.5AI score0.00392EPSS
Exploits0References1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.39 views

FortiClientEMS - Sensitive information leak

A missing encryption of sensitive data vulnerability CWE-311 in FortiClientEMS may allow an authenticated attacker to view sensitive information in clear text via any browser development tools...

4CVSS5.1AI score0.00392EPSS
Exploits0Affected Software1
Rows per page
Query Builder