CVE-2021-44172

3.6LOW

Key Information:

Vendor: Fortinet
Status: Forticlientems
Vendor: CVE Published:; 13 September 2023

Summary

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.

Affected Version(s)

FortiClientEMS 7.0.6 <= 7.0.7

FortiClientEMS 7.0.0 <= 7.0.4

FortiClientEMS 6.4.7 <= 6.4.9

References

https://fortiguard.com/psirt/FG-IR-21-244

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2023
Vulnerability Reserved
Nov 23, 2021