An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM may allow an authenticated attacker to perform a denial of service attack by sending crafted HTTP or HTTPS requests at a high frequency.
|Upgrade to 1.1.0 or above
|1.0 all versions
|Migrate to a fixed release
Acknowledgement
Internally discovered and reported by Josh Wang from the FortiPAM development team.
2024-01-02: Initial publication