Home
MEDIUM: 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:CDefault status
unaffected
7.2.0 (semver)
affected
7.0.0 (semver)
affected
6.4.7 (semver)
affected
6.4.0 (semver)
affected
Description
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.
Problem types
Execute unauthorized code or commands
Product status
7.2.0 (semver)
7.0.0 (semver)
6.4.7 (semver)
6.4.0 (semver)
References
fortiguard.fortinet.com/psirt/FG-IR-23-342