PT-2021-21170 · Fortinet · Forticlientems
Published
2021-12-09
·
Updated
2021-12-10
·
CVE-2021-36189
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiClientEMS versions 7.0.1 and below
Fortinet FortiClientEMS versions 6.4.4 and below
Description
The issue concerns a missing encryption of sensitive data, allowing an attacker to disclose information via inspecting browser decrypted data.
Recommendations
For Fortinet FortiClientEMS versions 7.0.1 and below, update to a version above 7.0.1 to resolve the issue.
For Fortinet FortiClientEMS versions 6.4.4 and below, update to a version above 6.4.4 to resolve the issue.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Forticlientems