Fortinet

Forticlientems

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2026-39810

  • EPSS 0.01%
  • Veröffentlicht 14.04.2026 15:38:21
  • Zuletzt bearbeitet 21.04.2026 17:18:59

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.

6.7

CVE-2026-39809

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 14.04.2026 15:05:56
  • Zuletzt bearbeitet 21.04.2026 17:02:54

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute un...

9.8

CVE-2026-35616

Warnung Medienbericht
  • EPSS 43.21%
  • Veröffentlicht 04.04.2026 00:38:35
  • Zuletzt bearbeitet 06.04.2026 18:12:57

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

9.8

CVE-2026-21643

Warnung Medienbericht Exploit
  • EPSS 62.52%
  • Veröffentlicht 06.02.2026 08:24:43
  • Zuletzt bearbeitet 14.04.2026 14:21:18

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP reques...

7.2

CVE-2025-59922

Medienbericht
  • EPSS 0.09%
  • Veröffentlicht 13.01.2026 16:32:28
  • Zuletzt bearbeitet 14.01.2026 21:38:33

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, Fort...

4.3

CVE-2023-48786

  • EPSS 0.09%
  • Veröffentlicht 10.06.2025 16:36:19
  • Zuletzt bearbeitet 16.07.2025 15:17:53

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.

4.8

CVE-2024-32119

  • EPSS 0.04%
  • Veröffentlicht 10.06.2025 16:36:15
  • Zuletzt bearbeitet 16.07.2025 15:20:12

An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or taggi...

5.3

CVE-2025-22859

Medienbericht
  • EPSS 0.32%
  • Veröffentlicht 13.05.2025 14:46:42
  • Zuletzt bearbeitet 16.07.2025 15:16:59

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload request...

4.8

CVE-2025-22855

Medienbericht
  • EPSS 0.17%
  • Veröffentlicht 08.04.2025 14:15:32
  • Zuletzt bearbeitet 23.07.2025 16:03:19

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.

6.1

CVE-2019-16149

  • EPSS 0.13%
  • Veröffentlicht 28.03.2025 09:07:30
  • Zuletzt bearbeitet 15.07.2025 18:59:31

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the ...