Improper Input Handling in FortiClientEMS Affects Remote Code Execution
CVE-2019-16149
5.4 MEDIUM
Summary
FortiClientEMS version 6.2.0 is susceptible to a vulnerability that allows an attacker to execute unauthorized code by injecting a malicious payload into the user profile. This flaw occurs due to improper handling of input during the web page generation process, potentially compromising the integrity and security of the affected system.
Affected Version(s)
FortiClientEMS 6.2.0
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved