nlict
New Member
April 10, 2024
Solved

FortiClientEMS 7.2 - Pervasive SQL injection in DAS component

Hi Support,

Got a question regarding the Android FortiClientEMS 7.2.2.

On 12 March we saw a message regarding FortiClientEMS 7.2.2 having a vulnerability. (See link below.)

All of our EMS clients have been updated to the latest version 7.2.4.

Now my question is: when will the Android app be updated to the latest version? From what I can see, the version on the App store is 7.2.2.0127.

And a second question: does this vulnerability also apply to the Android FortiEMS?

Link:

PSIRT | FortiGuard Labs

FortiClient - Apps on Google Play

Kind regards,

Dennis Zaan

3 replies

johnathan
Staff
Answer
April 10, 2024

Please note, this vulnerability only affects the FortiClient EMS server, not the endpoints themselves. If your EMS server is on 7.2.3 or above you are fine.

Never trust a computer you can't throw out a window.
AEK
SuperUser
April 10, 2024

There is no SQL server on FortiClient (client side); there is one only on FortiClient EMS (server side), and you have already patched it to the safe version.

AEK
nlict
Author
New Member
April 11, 2024

**bleep** I feel stupid... thanks guys!