CVE-2024-45327 - Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet FortiSOAR
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary
An improper authorization vulnerability [CWE-285] in the change password endpoint of FortiSOAR versions 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, and 7.0.0 through 7.0.3 may allow an authenticated attacker to perform a brute-force attack on users' and administrators' passwords via crafted HTTP requests.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 12 |