Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
过多认证尝试的限制不恰当
Vulnerability Title
Fortinet FortiSOAR 安全漏洞
Vulnerability Description
Fortinet FortiSOAR是美国飞塔(Fortinet)公司的一种安全编排、自动化和响应 (SOAR) 解决方案。 Fortinet FortiSOAR存在安全漏洞,该漏洞源于授权管理不当。攻击者利用该漏洞通过特制的HTTP请求对用户和管理员密码进行暴力攻击。以下版本受到影响:7.4.0版本至7.4.3版本、7.3.0版本至7.3.2版本、7.2.0版本至7.2.2版本和7.0.0版本至7.0.3版本。
CVSS Information
N/A
Vulnerability Type
N/A