Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nlict
New Contributor

FortiClientEMS 7.2 - Pervasive SQL injection in DAS component

Hi Support,

 

Got a question regarding the Android ForticlientEMS 7.2.2.

 

On 12 march we saw a message regarding ForticlientEMS 7.2.2 having a vulnerability. (See link under)

All of our EMS client have been updated to the latest version 7.2.4.

 

Now is my question, when will the Android app be updated to the latest version because from what i can see is that this version on the App store is 7.2.2.0127.

And second question, does this vulnerability also apply to the Android FortiEMS?

 

Link:

PSIRT | FortiGuard Labs

FortiClient - Apps on Google Play

 

Kind regards,

 

Dennis Zaan

1 Solution
johnathan
Staff
Staff

Please note, this vulnerability only affects the FortiClient EMS server, not the endpoints themselves. If your EMS server is on 7.2.3 or above you are fine.

"Never trust a computer you can't throw out a window."

View solution in original post

3 REPLIES 3
johnathan
Staff
Staff

Please note, this vulnerability only affects the FortiClient EMS server, not the endpoints themselves. If your EMS server is on 7.2.3 or above you are fine.

"Never trust a computer you can't throw out a window."
AEK
SuperUser
SuperUser

There is no SQL server on FortiClient (client side), there is only on FortiClient EMS (server side) and you have already patched it to the safe version.

AEK
AEK
nlict
New Contributor

**bleep** i feel stupid.. thanks guys! 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors