3 matches found
CVE-2024-45327
An improper authorization vulnerability CWE-285 in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTT...
CVE-2024-45327
FortiSOAR is affected by an improper authorization vulnerability (CWE-285) in the change password endpoint, enabling an authenticated attacker to perform brute force attacks on user and administrator passwords. Affected FortiSOAR versions are 7.0.0–7.0.3, 7.2.0–7.2.2, 7.3.0–7.3.2, and 7.4.0–7.4.3...
CVE-2024-45327
An improper authorization vulnerability CWE-285 in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTT...