Vulnerabilities > Fortinet > Forticlient Enterprise Management Server > 7.2.2

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-10	CVE-2024-33508	Command Injection vulnerability in Fortinet Forticlient Enterprise Management Server An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. network low complexity fortinet CWE-77	7.3
2024-03-12	CVE-2023-48788	Unspecified vulnerability in Fortinet Forticlient Enterprise Management Server A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets. network low complexity fortinet critical	9.8
2024-02-15	CVE-2023-45581	Unspecified vulnerability in Fortinet Forticlient Enterprise Management Server An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. network low complexity fortinet	7.2

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.