Lack of rate control to protect against DoS attacks Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-226 Final 1 1 2024-01-09T00:00:00 Current version 2024-01-09T00:00:00 2024-01-02T00:00:00 An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM may allow an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests at a high frequency. None Denial of service Internally discovered and reported by Josh Wang from FortiPAM developpement team. FortiPAM 1.0.3 FortiPAM 1.0.2 FortiPAM 1.0.1 FortiPAM 1.0.0 CVE-2023-37934 FortiPAM-1.0.3 FortiPAM-1.0.2 FortiPAM-1.0.1 FortiPAM-1.0.0 4.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:F/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-23-226 Lack of rate control to protect against DoS attacks Reference>