Environment variable information leaking in sign-in homepage
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in the FortiClientEMS management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.
Version | Affected | Solution |
---|---|---|
FortiClientEMS 7.2 | Not affected | Not Applicable |
FortiClientEMS 7.0 | 7.0.0 through 7.0.7 | Upgrade to 7.0.8 or above |
FortiClientEMS 6.4 | 6.4 all versions | Migrate to a fixed release |
FortiClientEMS 6.2 | 6.2 all versions | Migrate to a fixed release |
Timeline
2023-08-30: Initial publication