Vulnerabilities > Fortinet > Forticlient Endpoint Management Server > 6.0.2

DATE	CVE	VULNERABILITY TITLE	RISK
2024-03-12	CVE-2023-47534	Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Forticlient Endpoint Management Server A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets. network low complexity fortinet CWE-1236	8.8
2021-10-06	CVE-2020-15941	Path Traversal vulnerability in Fortinet Forticlient Endpoint Management Server A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages. network low complexity fortinet CWE-22	5.5
2021-10-06	CVE-2021-24019	Insufficient Session Expiration vulnerability in Fortinet Forticlient Endpoint Management Server An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) network low complexity fortinet CWE-613	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.