Vulnerabilities > Fortinet > Forticlient Endpoint Management Server > 1.2.4

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-10	CVE-2024-21753	Path Traversal vulnerability in Fortinet Forticlient Endpoint Management Server A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests network low complexity fortinet CWE-22	6.0
2021-10-06	CVE-2020-15941	Path Traversal vulnerability in Fortinet Forticlient Endpoint Management Server A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages. network low complexity fortinet CWE-22	5.4
2021-10-06	CVE-2021-24019	Insufficient Session Expiration vulnerability in Fortinet Forticlient Endpoint Management Server An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) network low complexity fortinet CWE-613 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.