CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25631
https://notcve.org/view.php?id=CVE-2022-25631
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated • https://support.broadcom.com/external/content/SecurityAdvisories/0/21165 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25626
https://notcve.org/view.php?id=CVE-2022-25626
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session. Un usuario no autenticado puede acceder a las URL de páginas específicas de la consola de administración de Identity Manager. Sin embargo, el sistema no permite al usuario realizar tareas del lado del servidor sin una sesión web válida. • https://support.broadcom.com/external/content/SecurityAdvisories/0/21136 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25628
https://notcve.org/view.php?id=CVE-2022-25628
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 Un usuario autenticado puede realizar una inyección de entidad externa XML en Management Console en Symantec Identity Manager 14.4 • https://support.broadcom.com/external/content/SecurityAdvisories/0/21136 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25627
https://notcve.org/view.php?id=CVE-2022-25627
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4 Un administrador autenticado que tenga acceso físico al entorno puede realizar una ejecución remota de comandos en Management Console en Symantec Identity Manager 14.4 • https://support.broadcom.com/external/content/SecurityAdvisories/0/21136 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33187 – Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs
https://notcve.org/view.php?id=CVE-2022-33187
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. Brocade SANnav anterior a v2.2.1 registra nombres de usuarios y contraseñas codificadas en registros habilitados para depuración. La vulnerabilidad podría permitir que un atacante con privilegios de administrador lea información confidencial. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2122 • CWE-532: Insertion of Sensitive Information into Log File •