Improper Input Handling in FortiClientEMS Affects Remote Code Execution
CVE-2019-16149

6.1 MEDIUM

Key Information:

Vendor: Fortinet
CVE Published: 28 March 2025

What is CVE-2019-16149?

FortiClientEMS version 6.2.0 is susceptible to a vulnerability that allows an attacker to execute unauthorized code by injecting a malicious payload into the user profile. This flaw occurs due to improper handling of input during the web page generation process, potentially compromising the integrity and security of the affected system.

Affected Version(s)

FortiClientEMS 6.2.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
