PSIRT Advisories

FortiClientEMS - Sensitive information leak

Summary

A missing encryption of sensitive data vulnerability [CWE-311] in FortiClientEMS may allow an authenticated attacker to view sensitive information in clear text via any browser development tools.

Affected Products

FortiClientEMS 7.0.1 and earlier.

FortiClientEMS 6.4.6 and earlier.

Solutions

Upgrade to FortiClientEMS 7.0.2 and later.

Upgrade to FortiClientEMS 6.4.7 and later.