A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
Software | From | Fixed in |
---|---|---|
fortinet / forticlient_endpoint_management_server | - | 6.2.9 |
fortinet / forticlient_endpoint_management_server | 6.4.0 | 6.4.2 |