#VU107354 Observable Response Discrepancy in FortiClientEMS and FortiSOAR - CVE-2024-36510

 


Published: April 10, 2025 / Updated: May 20, 2025


Vulnerability identifier: #VU107354
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-36510
CWE-ID: CWE-204
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
FortiClientEMS
FortiSOAR
Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to an observable response discrepancy in the authentication component. An unauthenticated attacker can enumerate valid users by observing the responses to login requests.


Remediation

Install the update from the vendor's website.
