cvelistv5 - cve-2025-59922

CVE-2025-59922 (GCVE-0-2025-59922)

Vulnerability from cvelistv5

Published

2026-01-13 16:32

Modified

2026-01-14 09:16

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

CWE

CWE-89 - Execute unauthorized code or commands

Summary

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-735

Impacted products

	Vendor	Product	Version
	Fortinet	FortiClientEMS	Version: 7.4.3 ≤ 7.4.4 Version: 7.4.0 ≤ 7.4.1 Version: 7.2.0 ≤ 7.2.10 Version: 7.0.0 ≤ 7.0.13 cpe:2.3:a:fortinet:forticlientems:7.4.4:::::::* cpe:2.3:a:fortinet:forticlientems:7.4.3:::::::* cpe:2.3:a:fortinet:forticlientems:7.4.1:::::::* cpe:2.3:a:fortinet:forticlientems:7.4.0:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.10:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.9:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.8:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.7:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.6:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.5:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.4:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.3:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.2:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.1:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.0:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.13:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.12:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.11:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.10:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.9:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.8:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.7:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.6:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.5:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.4:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.3:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.2:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.1:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T21:39:37.452586Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T21:39:42.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiClientEMS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.10",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T09:16:14.334Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-735",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-735"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiClientEMS version 7.4.5 or above\nUpgrade to FortiClientEMS version 7.2.12 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-59922",
    "datePublished": "2026-01-13T16:32:28.715Z",
    "dateReserved": "2025-09-23T12:51:54.672Z",
    "dateUpdated": "2026-01-14T09:16:14.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CERTFR-2026-AVI-0035

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection SQL (SQLi).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientEMS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiSandbox	FortiSandbox toutes versions 4.0.x
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.3
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.12
Fortinet	FortiClient	FortiClientEMS toutes versions 7.0.x
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.17
Fortinet	FortiFone	FortiFone versions 3.0.x antérieures à 3.0.24
Fortinet	FortiSandbox	FortiSandbox toutes versions 4.4.x
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 5.0.5
Fortinet	FortiSIEM	FortiSIEM versions 7.1.x antérieures à 7.1.9
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.8
Fortinet	FortiSIEM	FortiSIEM versions 7.2.x antérieures à 7.2.7
Fortinet	FortiSASE	FortiSASE versions 25.x antérieures à 25.2.c
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.9
Fortinet	FortiClient	FortiClientEMS versions 7.2.x antérieures à 7.2.12
Fortinet	FortiFone	FortiFone versions 7.0.x antérieures à 7.0.2
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.6
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.18
Fortinet	FortiSIEM	FortiSIEM versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSIEM	FortiSIEM toutes versions 6.7.x
Fortinet	FortiSIEM	FortiSIEM versions 7.3.x antérieures à 7.3.5
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.7
Fortinet	FortiSandbox	FortiSandbox toutes versions 4.2.x
Fortinet	FortiSIEM	FortiSIEM toutes versions 7.0.x

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-783	2026-01-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-778	2026-01-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-084	2026-01-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-260	2026-01-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-735	2026-01-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-772	2026-01-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox toutes versions 4.0.x",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0  7.2.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0  6.4.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiFone versions 3.0.x ant\u00e9rieures \u00e0 3.0.24",
      "product": {
        "name": "FortiFone",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox toutes versions 4.4.x",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 5.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.9",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSASE versions 25.x ant\u00e9rieures \u00e0 25.2.c",
      "product": {
        "name": "FortiSASE",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiFone versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiFone",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0  7.0.18",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM toutes versions 6.7.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox toutes versions 4.2.x",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM toutes versions 7.0.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58693"
    },
    {
      "name": "CVE-2025-47855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47855"
    },
    {
      "name": "CVE-2025-59922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59922"
    },
    {
      "name": "CVE-2025-25249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25249"
    },
    {
      "name": "CVE-2025-67685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67685"
    },
    {
      "name": "CVE-2025-64155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64155"
    }
  ],
  "initial_release_date": "2026-01-14T00:00:00",
  "last_revision_date": "2026-01-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0035",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection SQL (SQLi).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-783",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-783"
    },
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-778",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-778"
    },
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-084",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-084"
    },
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-260",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-260"
    },
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-735",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-735"
    },
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-772",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-772"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-59922 (GCVE-0-2025-59922)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0035

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature