Known vulnerabilities in Fortinet, Inc FortiClientEMS

Vendor: Fortinet, Inc
Website: https://www.fortinet.com/
Total Security Bulletins: 19

Security bulletins (19)

Secuity bulletin Severity Status Published
SB2026020968: Pre-authenticated SQL injection in FortiClientEMS Critical
Patched
09.02.2026
SB2026011366: Authenticated SQL injection in FortiClientEMS Low
Patched
13.01.2026
SB2025061109: Improper Authentication in FortiClientEMS Medium
Patched
11.06.2025
SB2025061108: Server-Side Request Forgery (SSRF) in FortiClientEMS Low
Patched
11.06.2025
SB2025051362: Relative path traversal in FortiClientEMS Medium
Patched
13.05.2025
SB2025041033: Improper Verification of Source of a Communication Channel in FortiClientEMS Low
Patched
10.04.2025
SB2025041032: Observable Response Discrepancy in FortiClientEMS and FortiSOAR Medium
Patched
10.04.2025
SB2025040848: Cross-site scripting in FortiClientEMS Medium
Patched
08.04.2025
SB2025011479: FortiClient and FortiClientEMS update for libwebp Critical
Patched Exploited
14.01.2025
SB2025011440: Missing brute-force protection in FortiClientEMS Medium
Patched
14.01.2025
SB2024091086: Path traversal in FortiClientEMS Low
Patched
10.09.2024
SB2024091083: Remote command execution in FortiClientEMS Medium
Patched
10.09.2024
SB20240312318: CSV injection in FortiClientEMS log download feature Low
Patched
12.03.2024
SB20240312306: SQL injection in in Fortinet FortiClientEMS High
Patched Exploited
12.03.2024
SB2024020909: Privilege escalation in FortiClientEMS Medium
Patched
09.02.2024
SB2023092232: Information disclosure in FortiClientEMS Low
Patched
22.09.2023
SB2021111609: Cross-site scripting in Fortinet FortiClientEMS Low
Patched
16.11.2021
SB2021100603: Insufficient Session Expiration in Fortinet FortiClientEMS High
Patched Public exploit
06.10.2021
SB2021100602: Path traversal in Fortinet FortiClientEMS Medium
Patched
06.10.2021