CVE-2024-45327

Publication date: 2024-09-11

Last updated on: 2024-09-11

Assigner: [email protected]

Description
An improper authorization vulnerability [CWE-285] in the change password endpoint of FortiSOAR versions 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, and 7.0.0 through 7.0.3 may allow an authenticated attacker to perform a brute-force attack on users' and administrators' passwords via crafted HTTP requests.
CVSS Scores
Affected Vendors & Products
Vendor Product Version
fortinet fortisoar 7.4.0
fortinet fortisoar 7.4.1
fortinet fortisoar 7.4.2
fortinet fortisoar 7.4.3
fortinet fortisoar 7.3.0
fortinet fortisoar 7.3.1
fortinet fortisoar 7.3.2
fortinet fortisoar 7.2.0
fortinet fortisoar 7.2.1
fortinet fortisoar 7.2.2
fortinet fortisoar 7.0.0
fortinet fortisoar 7.0.1
fortinet fortisoar 7.0.2
fortinet fortisoar 7.0.3
Helpful Resources
Exploitability
CWE ID Description
CWE-307 Improper Restriction of Excessive Authentication Attempts
Meta Information
Date published:
2024-09-11
Date last modified:
2024-09-11
Date generated:
2025-01-15
NVD report: