Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-36510

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.

Published

2025-01-14T14:15:30.737

Last Modified

2025-01-31T16:30:50.753

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-204
Type: Primary
CWE-203

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	forticlientems	< 7.2.5	Yes
Application	fortinet	forticlientems	7.4.0	Yes
Application	fortinet	fortisoar	< 7.3.3	Yes
Application	fortinet	fortisoar	< 7.4.5	Yes
Application	fortinet	fortisoar	7.5.0	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-071 Vendor Advisory ([email protected])