CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4342 – Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
https://notcve.org/view.php?id=CVE-2023-4342
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy • https://www.broadcom.com/support/resources/product-security-center •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4343 – Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
https://notcve.org/view.php?id=CVE-2023-4343
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter • https://www.broadcom.com/support/resources/product-security-center •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4344 – Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
https://notcve.org/view.php?id=CVE-2023-4344
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection • https://www.broadcom.com/support/resources/product-security-center • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4323 – Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
https://notcve.org/view.php?id=CVE-2023-4323
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup La interfaz web de Broadcom RAID Controller es vulnerable a la gestión inadecuada de sesiones activas en la configuración del Gateway. • https://www.broadcom.com/support/resources/product-security-center •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4345 – Broadcom RAID Controller web interface is vulnerable client-side control bypass
https://notcve.org/view.php?id=CVE-2023-4345
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user • https://www.broadcom.com/support/resources/product-security-center •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31926 – Arbitrary File Overwrite using less command
https://notcve.org/view.php?id=CVE-2023-31926
02 Aug 2023 — System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-281: Improper Preservation of Permissions CWE-665: Improper Initialization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31927 – An information disclosure in the web interface of Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-31927
02 Aug 2023 — An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31432 – Privilege issues in multiple commands
https://notcve.org/view.php?id=CVE-2023-31432
01 Aug 2023 — Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. Mediante la manipulación de contraseñas u otras variables, utilizando comandos como portcfgupload, configupload, license, myid, un usuario sin privilegios podría obtener privilegios de root en versiones de Brocade Fabric OS anteriores a Brocade Fabric OS v9.1.1c y ... • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31928 – XSS vulnerability in Brocade Webtools
https://notcve.org/view.php?id=CVE-2023-31928
01 Aug 2023 — A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. Existe una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en Brocade Webtools PortSetting.html de la versión de Brocade Fabric OS anterior a Brocade Fabric OS v9.2.0 que podría permitir a un a... • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31428 – CLI allows upload or transfer files of dangerous types
https://notcve.org/view.php?id=CVE-2023-31428
01 Aug 2023 — Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep. Brocade Fabric OS antes de Brocade Fabric OS v9.1.1c, v9.2.0 contiene una vulnerabilidad en la línea de comandos que podría permitir a un usuario local volcar archivos en el directorio raíz del usuario utilizando grep. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-434: Unrestricted Upload of File with Dangerous Type •