| IR Number | FG-IR-20-067 |
| Date | Nov 2, 2021 |
| Severity |
Medium |
| CVSSv3 Score | 4 |
| Impact | Unauthorized code execution |
| CVE ID | CVE-2020-15940 |
| Affected Products |
FortiClientEMS
:
6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiClientEMS - Authenticated Injection vulnerabilities
Summary
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.
Affected Products
FortiClientEMS version 6.4.1 and below.
Solutions
Please upgrade to version 6.4.2 or above.
Please upgrade to version 7.0.0 or above.