An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.
CVE ID: CVE-2024-36510
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.9
Vendor: Fortinet
Product: FortiClientEMS
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 19.27% (scored less or equal to compared to others)
EPSS Date: 2025-02-12 (when was this score calculated)