Information Disclosure Vulnerability in Fortinet FortiClientEMS
CVE-2021-36189

6.8MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Forticlientems
Vendor: CVE Published:; 9 December 2021

Summary

A vulnerability exists in Fortinet FortiClientEMS where sensitive data is not adequately encrypted, allowing attackers to access decrypted information through browser inspection in versions 6.4.4 and earlier, as well as in version 7.0.1 and below. This oversight poses significant risks for organizations relying on proper data protection measures.

Affected Version(s)

Fortinet FortiClientEMS FortiClientEMS 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

References

https://fortiguard.com/advisory/FG-IR-21-140

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 9, 2021
Vulnerability Reserved
Jul 6, 2021