A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.
Upgrade to FortiSOAR on-premise version 7.6.5 or above
Upgrade to upcoming FortiSOAR on-premise version 7.5.3 or above
Upgrade to FortiSOAR PaaS version 7.6.5 or above
Upgrade to upcoming FortiSOAR PaaS version 7.5.3 or above