FortiClientEMS v7.2.6 - CVE-2024-11236 Out of Bounds Write Vulnerability
Hi,
I'm testing the FortiClient EMS solution on a trial license. After updating to version 7.2.6, the system detected the PHP CVE-2024-11236 Out of Bounds Write Vulnerability. Is there a way to report this to have the vulnerable application version updated?
Hi,
Please refer to:
https://www.fortiguard.com/encyclopedia/endpoint-vuln/82436
I do not see that FortiClient EMS is affected.
Salon Raj Joshi
OK, but it is a scan result on the EMS server - version 7.2.6 is the Windows platform.
Is this FortiClient installed on the Windows server where the EMS server is set up?
Salon Raj Joshi
exactly
so... any ideas?
Hi @Andrzej_PL ,
Thanks for reporting this vulnerability.
We have this Mantis 1089768 tracking this issue. The fix will be included in FortiClient EMS 7.2.7 GA.
Jerry
Hi,
Unfortunately, the problem remains in the new client version 7.2.7 - the version of the PHP application with the given vulnerability is still used. php.exe must be at version 8.3.14, and it is at 8.3.13.