Vulnerabilities > Fortinet > Forticlient Enterprise Management Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-03-12 CVE-2023-48788 Unspecified vulnerability in Fortinet Forticlient Enterprise Management Server
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
network
low complexity
fortinet
critical
9.8
2021-12-08 CVE-2021-41030 Authentication Bypass by Capture-replay vulnerability in Fortinet Forticlient Enterprise Management Server
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.
network
low complexity
fortinet CWE-294
critical
9.1