An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.
FortiClientEMS version 7.0.1 and below.
FortiClientEMS version 6.4.4 and below.
Please upgrade to FortiClientEMS version 6.4.7 or above.
Please upgrade to FortiClientEMS version 7.0.2 or above.