CVE-2019-16149

MEDIUM

FortiClientEMS < 6.2.1 - Remote Code Execution via User Profile Injection

Title source: llm

Description

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system.

References (1)

Core 1

Core References

Vendor Advisory

https://fortiguard.fortinet.com/psirt/FG-IR-19-072

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

fortinet/forticlientems < 6.2.1

Published Mar 28, 2025

Tracked Since Feb 18, 2026