Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-45327

An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests.

Published

2024-09-11T10:15:02.023

Last Modified

2025-01-21T21:58:26.373

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-307

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortisoar	< 7.3.3	Yes
Application	fortinet	fortisoar	< 7.4.4	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-048 Vendor Advisory ([email protected])