Vulnerabilities > Fortinet > Forticlient Enterprise Management Server > 6.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-15 | CVE-2023-45581 | Unspecified vulnerability in Fortinet Forticlient Enterprise Management Server An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. | 7.2 |
2021-12-09 | CVE-2021-36189 | Missing Encryption of Sensitive Data vulnerability in Fortinet Forticlient Enterprise Management Server A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data | 4.9 |
2021-12-08 | CVE-2021-41030 | Authentication Bypass by Capture-replay vulnerability in Fortinet Forticlient Enterprise Management Server An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages. | 9.1 |
2021-12-01 | CVE-2021-32592 | Uncontrolled Search Path Element vulnerability in Fortinet products An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path. | 7.8 |