{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-45582","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-10-09T08:01:29.296Z","datePublished":"2023-11-14T18:05:34.247Z","dateUpdated":"2024-08-30T18:14:28.885Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiMail","defaultStatus":"unaffected","versions":[{"version":"7.4.0","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.4","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.6","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.8","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.9","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-11-14T18:05:34.247Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-307","description":"Improper access control","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiMail version 7.4.1 or above \nPlease upgrade to FortiMail version 7.2.5 or above \nPlease upgrade to FortiMail version 7.0.7 or above \nPlease upgrade to FortiMail version 6.4.9 or above \n"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-287","url":"https://fortiguard.com/psirt/FG-IR-23-287"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:21:16.739Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-287","url":"https://fortiguard.com/psirt/FG-IR-23-287","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-30T18:14:14.373874Z","id":"CVE-2023-45582","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-30T18:14:28.885Z"}}]}}