211 matches found
CVE-2021-24019
An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
CVE-2021-24019
FortiClientEMS has an insufficient session expiration vulnerability (CWE-613) that affects FortiClientEMS versions 6.4.2 and below and 6.2.8 and below. An attacker who can obtain an unexpired admin session ID may reuse it to gain admin privileges. Remediation involves applying the Fortinet fixes:...
CVE-2020-15941
A path traversal vulnerability CWE-22 in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...
CVE-2020-15941
A path traversal vulnerability CWE-22 in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...
CVE-2020-15941
CVE-2020-15941 is a path traversal vulnerability in FortiClientEMS where authenticated attackers could inject directory traversal sequences via the name parameter of Deployment Packages, potentially adding or deleting server files. Affected: FortiClientEMS versions 6.4.1 and below; 6.2.8 and belo...
Fortinet FortiClientEms 代码问题漏洞
Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. A code issue vulnerability exists in Fortinet FortiClientEms, which can be exploited by attackers to gain administrator privileges by reusing an unexpired administrator user session ID...
Vulnerabilities fixed in Fortinet FortiClientEMS
Fortinet has fixed vulnerabilities in FortiClientEMS. The vulnerability with reference CVE-2020-15941 concerns a path traversal vulnerability. This vulnerability allows an authenticated malicious person potentially able to add or delete files on the server to add or delete files. The vulnerabilit...
Fortinet FortiClientEms 路径遍历漏洞
Fortinet FortiClientEms is a centralized, centralized management system from Fortinet, USA. A path traversal vulnerability exists in Fortinet FortiClientEMS versions 6.4.1 and below; 6.2.8 and below, which can be exploited by an attacker to add/remove files to/from a server by injecting a sequenc...
FortiClientEMS - Session cookie does not expire after logout
An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
FortiClientEMS - Directory Traversal vulnerability
A path traversal vulnerability CWE-22 in FortiClientEMS may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...
XSS vulnerability in FortiClientEMS
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...