Vulnerability Description
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data
CVSS Score
6.8
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Forticlient Enterprise Management Server | >= 6.4.0, <= 6.4.4 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/advisory/FG-IR-21-140PatchVendor Advisory
- https://fortiguard.com/advisory/FG-IR-21-140PatchVendor Advisory
FAQ
What is CVE-2021-36189?
CVE-2021-36189 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data
How severe is CVE-2021-36189?
CVE-2021-36189 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-36189?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Forticlient Enterprise Management Server.