Lucene search
+L

211 matches found

Vulnrichment
Vulnrichment
added 2021/10/06 9:41 a.m.17 views

CVE-2021-24019

An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...

8.1CVSS6.9AI score0.03841EPSS
Exploits0References1
CVE
CVE
added 2021/10/06 9:41 a.m.69 views

CVE-2021-24019

FortiClientEMS has an insufficient session expiration vulnerability (CWE-613) that affects FortiClientEMS versions 6.4.2 and below and 6.2.8 and below. An attacker who can obtain an unexpired admin session ID may reuse it to gain admin privileges. Remediation involves applying the Fortinet fixes:...

9.8CVSS9.4AI score0.03841EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/06 9:27 a.m.29 views

CVE-2020-15941

A path traversal vulnerability CWE-22 in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...

5.4CVSS5.4AI score0.01109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/10/06 9:27 a.m.16 views

CVE-2020-15941

A path traversal vulnerability CWE-22 in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...

5.4CVSS6.7AI score0.01109EPSS
Exploits0References1
CVE
CVE
added 2021/10/06 9:27 a.m.50 views

CVE-2020-15941

CVE-2020-15941 is a path traversal vulnerability in FortiClientEMS where authenticated attackers could inject directory traversal sequences via the name parameter of Deployment Packages, potentially adding or deleting server files. Affected: FortiClientEMS versions 6.4.1 and below; 6.2.8 and belo...

5.5CVSS5.3AI score0.01109EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/10/06 12:0 a.m.7 views

Fortinet FortiClientEms 代码问题漏洞

Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. A code issue vulnerability exists in Fortinet FortiClientEms, which can be exploited by attackers to gain administrator privileges by reusing an unexpired administrator user session ID...

9.8CVSS8.4AI score0.03841EPSS
Exploits0References4
NCSC
NCSC
added 2021/10/06 12:0 a.m.8 views

Vulnerabilities fixed in Fortinet FortiClientEMS

Fortinet has fixed vulnerabilities in FortiClientEMS. The vulnerability with reference CVE-2020-15941 concerns a path traversal vulnerability. This vulnerability allows an authenticated malicious person potentially able to add or delete files on the server to add or delete files. The vulnerabilit...

9.8CVSS7.1AI score0.03841EPSS
Exploits0
CNNVD
CNNVD
added 2021/10/06 12:0 a.m.6 views

Fortinet FortiClientEms 路径遍历漏洞

Fortinet FortiClientEms is a centralized, centralized management system from Fortinet, USA. A path traversal vulnerability exists in Fortinet FortiClientEMS versions 6.4.1 and below; 6.2.8 and below, which can be exploited by an attacker to add/remove files to/from a server by injecting a sequenc...

5.5CVSS5.8AI score0.01109EPSS
Exploits0References4
Fortinet
Fortinet
added 2021/10/05 12:0 a.m.34 views

FortiClientEMS - Session cookie does not expire after logout

An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...

7.5CVSS8.9AI score0.03841EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2021/10/05 12:0 a.m.33 views

FortiClientEMS - Directory Traversal vulnerability

A path traversal vulnerability CWE-22 in FortiClientEMS may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...

5.5CVSS5.6AI score0.01109EPSS
Exploits0Affected Software1
Fortinet
Fortinet
added 2019/09/23 12:0 a.m.21 views

XSS vulnerability in FortiClientEMS

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...

4.4AI score0.00269EPSS
Exploits0Affected Software1
Rows per page
Query Builder