Information Disclosure Vulnerability in Fortinet FortiClientEMS
CVE-2021-36189

6.8MEDIUM

Key Information:

Vendor

Fortinet
Status
Fortinet Forticlientems
Vendor
CVE Published:
9 December 2021

What is CVE-2021-36189?

A vulnerability exists in Fortinet FortiClientEMS where sensitive data is not adequately encrypted, allowing attackers to access decrypted information through browser inspection in versions 6.4.4 and earlier, as well as in version 7.0.1 and below. This oversight poses significant risks for organizations relying on proper data protection measures.

Affected Version(s)

Fortinet FortiClientEMS FortiClientEMS 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

References

https://fortiguard.com/advisory/FG-IR-21-140
x_refsource_CONFIRM

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.