
CVE-2025-24502
https://notcve.org/view.php?id=CVE-2025-24502
30 Jan 2025 — Improper session validation allows an unauthenticated attacker, by spoofing the client IP address, to cause certain request notifications to be executed in the context of a different user. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-384: Session Fixation •
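The advisory says only that the client IP can be spoofed; the shape below is an added illustration, not Symantec PAM code. It assumes the flaw's general form: the server resolves "which user is this?" from a client-supplied address (here a verbatim X-Forwarded-For header, an assumption) instead of from the session token. The fixed handler derives identity from the token alone and uses the socket address, which the client cannot forge, only as an extra binding. All names, hosts and addresses are constructed.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    headers: dict
    peer_ip: str      # address on the TCP socket; X-Forwarded-For is client-supplied text
    body: str = ""


@dataclass
class NotificationServer:
    # constructed state: session token -> (user, IP the session was opened from)
    sessions: dict = field(default_factory=dict)

    def login(self, user, from_ip):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, from_ip)
        return token

    # --- vulnerable: identity derived from a spoofable client IP (assumed flaw shape) ---
    def client_ip_from_header(self, req):
        # honours X-Forwarded-For verbatim, so any client can claim any address
        return req.headers.get("X-Forwarded-For", req.peer_ip).split(",")[0].strip()

    def notify_vulnerable(self, req):
        ip = self.client_ip_from_header(req)
        for user, session_ip in self.sessions.values():
            if session_ip == ip:
                return user      # notification runs as whoever logged in from that IP
        return None

    # --- fixed: identity derived only from the session token ---
    def notify_fixed(self, req):
        token = req.headers.get("Authorization", "").removeprefix("Bearer ").strip()
        rec = self.sessions.get(token)
        if rec is None:
            return None
        user, session_ip = rec
        # the socket address may tighten the binding, but never replaces the token
        if session_ip != req.peer_ip:
            return None
        return user


def demo():
    """Returns (vulnerable result, fixed result) for a spoofed request, plus the
    fixed result for the attacker's own honest session."""
    srv = NotificationServer()
    srv.login("victim", "10.0.0.5")
    attacker_token = srv.login("attacker", "203.0.113.9")
    spoofed = Request({"X-Forwarded-For": "10.0.0.5"}, peer_ip="203.0.113.9")
    honest = Request({"Authorization": "Bearer " + attacker_token}, peer_ip="203.0.113.9")
    return (srv.notify_vulnerable(spoofed), srv.notify_fixed(spoofed), srv.notify_fixed(honest))


if __name__ == "__main__":
    print(demo())   # ('victim', None, 'attacker')
```

The check a practitioner wants here: any request-to-user mapping that can be satisfied without presenting a secret the victim holds (token, cookie, signed assertion) is spoofable, and X-Forwarded-For should only ever be trusted when it was set by a proxy you control and the hop before it is stripped.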

CVE-2025-24501
https://notcve.org/view.php?id=CVE-2025-24501
30 Jan 2025 — Improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-20: Improper Input Validation •
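The advisory gives no detail on how the logs are altered. As an added example (not PAM code), the block below shows the most common way unvalidated HTTP input alters a log: a CRLF in a request field is written into a line-oriented log and forges a second, entirely fictitious record. The hardened renderer quotes and escapes user-controlled fields and caps their length; the consumer then sees one record, with the injection visible inside it. The log format, field names and the forged event are all constructed.

```python
import re

CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def render_unsafe(ts, level, event, user, src):
    # user-controlled fields pasted straight into the line (the CWE-20 shape)
    return f"{ts} {level} {event} user={user} src={src}"


def quote_field(value, max_len=64):
    # cap length so one field cannot bury the rest of the record, escape the quoting
    # characters, then escape CR/LF and other control bytes so the value can never
    # terminate the line it sits in
    value = str(value)[:max_len]
    value = value.replace("\\", "\\\\").replace('"', '\\"')
    value = CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)
    return '"' + value + '"'


def render_safe(ts, level, event, user, src):
    return f"{ts} {level} {event} user={quote_field(user)} src={quote_field(src)}"


# key=value, where value is either a quoted string (with backslash escapes) or a bare token
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def events_seen(log_text):
    """What a line-oriented consumer (SIEM, audit review) extracts: [(event, user), ...]."""
    out = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 3:
            continue
        fields = dict(FIELD.findall(parts[3] if len(parts) > 3 else ""))
        out.append((parts[2], fields.get("user")))
    return out


# constructed attacker input: a username carrying CRLF plus a forged successful admin login;
# the injected line deliberately omits src= so the real record's trailing src= completes it
FORGED_USER = "bob\r\n2025-01-30T10:00:01Z INFO login_ok user=admin"


def demo():
    args = ("2025-01-30T10:00:00Z", "WARN", "login_failed", FORGED_USER, "203.0.113.9")
    return events_seen(render_unsafe(*args)), events_seen(render_safe(*args))


if __name__ == "__main__":
    unsafe, safe = demo()
    print("unsafe:", unsafe)   # a forged login_ok for admin appears as its own record
    print("safe:  ", safe)     # one login_failed record; the injection is inert text inside it
```

If the log is consumed as structured data (JSON lines, syslog structured-data), use the serializer's own escaping rather than this quoting; the invariant is the same: no request-controlled byte may reach the log in a position where the parser treats it as a delimiter.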

CVE-2025-24500
https://notcve.org/view.php?id=CVE-2025-24500
30 Jan 2025 — The vulnerability allows an unauthenticated attacker to access information in the PAM database. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-863: Incorrect Authorization •

CVE-2024-38499 – Improper Privilege Management Vulnerability in CA Client Automation 14.5
https://notcve.org/view.php?id=CVE-2024-38499
17 Dec 2024 — CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using the CAF CLI and the SD_ACMD CLI. This gives a non-admin user access to the critical encryption keys, which in turn allows stored credentials to be recovered. The fix prevents a non-admin/non-root user from executing the "caf encrypt"/"sd_acmd encrypt" commands. The desktop and server management solution Broadcom CA DSM stores some configuration data of its agent component locally on managed systems in encrypted form. The ... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25284 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •

CVE-2024-10403 – SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
https://notcve.org/view.php?id=CVE-2024-10403
21 Nov 2024 — Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can write the SFTP/FTP server password used for a firmware download operation (initiated by SANnav or through WebEM) into a weblinker core dump, which is later collected by supportsave. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25145 • CWE-528: Exposure of Core Dump File to an Unauthorized Control Sphere •

CVE-2024-38813 – VMware vCenter Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-38813
17 Sep 2024 — The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. VMware vCenter contains an improper check for drop... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 • CWE-250: Execution with Unnecessary Privileges CWE-273: Improper Check for Dropped Privileges •
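The entry's CWE-273 tag (improper check for dropped privileges) is worth a concrete illustration, added here and unrelated to vCenter's own code. The classic mistake is to lower only the effective UID, which leaves the saved UID at 0 and lets the process (or anything that hijacks it) call seteuid(0) and become root again. The helper below drops all three UIDs, verifies the result, and then positively confirms that root cannot be regained. It is Linux/Unix only; the target UID and the error strings are the example's own.

```python
import os


def privileges_fully_dropped(ids, target_uid):
    """ids is (ruid, euid, suid) as returned by os.getresuid().

    All three must equal the unprivileged target; a lingering saved UID of 0
    is exactly the state CWE-273 describes, and "dropping" to 0 is no drop at all.
    """
    ruid, euid, suid = ids
    return ruid == euid == suid == target_uid and target_uid != 0


def drop_privileges(target_uid, target_gid=None):
    """Irreversibly drop root; raises if the drop did not fully take effect."""
    if target_gid is not None:
        # groups first: once the UID is gone, changing GIDs is no longer permitted
        os.setgroups([])
        os.setresgid(target_gid, target_gid, target_gid)
    # real, effective and saved UID all at once (not os.seteuid, which keeps suid=0)
    os.setresuid(target_uid, target_uid, target_uid)
    if not privileges_fully_dropped(os.getresuid(), target_uid):
        raise RuntimeError("privilege drop did not take effect")
    # positive check: regaining root must now fail with EPERM
    try:
        os.setresuid(0, 0, 0)
    except PermissionError:
        return True
    raise RuntimeError("process could regain root after dropping privileges")


if __name__ == "__main__":
    # run as root to see a real drop; as an ordinary user this only exercises the checks
    print(drop_privileges(os.getuid() or 65534))
```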

CVE-2024-38812 – VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-38812
17 Sep 2024 — The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution. The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network... • https://github.com/maybeheisenberg/CVE-2024-38812 • CWE-122: Heap-based Buffer Overflow •

CVE-2024-38496 – Symantec Privileged Access Manager Insecure Direct Object Reference vulnerability
https://notcve.org/view.php?id=CVE-2024-38496
15 Jul 2024 — The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-922: Insecure Storage of Sensitive Information •
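This entry and CVE-2025-24500 above describe the same class of defect: a record lookup that checks, at most, that the caller is logged in, and never whether this caller may see that record. The block below is an added example (not PAM code) of an insecure direct object reference beside its object-level authorization check, with a small constructed directory so the difference can be measured by walking the id space. User names, groups and ids are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    name: str
    groups: tuple
    is_admin: bool = False


class AuthorizationError(PermissionError):
    pass


# constructed directory standing in for the PAM user database
USERS = {
    1: User(1, "pam-admin", ("Administrators",), is_admin=True),
    2: User(2, "alice", ("DBAs", "Oncall")),
    3: User(3, "bob", ("Auditors",)),
}


def get_user_vulnerable(requester_id, target_id):
    # the IDOR shape: the id in the request selects the record, the requester is ignored
    # (requester_id may even be None, i.e. an unauthenticated caller)
    return USERS[target_id]


def get_user_fixed(requester_id, target_id):
    requester = USERS.get(requester_id)
    if requester is None:
        raise AuthorizationError("unauthenticated")
    # object-level check, evaluated before the record is even loaded, so a
    # non-admin cannot tell an existing foreign id from a nonexistent one
    if requester.id != target_id and not requester.is_admin:
        raise AuthorizationError("not permitted")
    return USERS[target_id]


def enumerate_as(requester_id, lookup, max_id=5):
    """What a requester can learn by walking ids 1..max_id: {id: (name, groups)}."""
    seen = {}
    for tid in range(1, max_id + 1):
        try:
            u = lookup(requester_id, tid)
            seen[tid] = (u.name, u.groups)
        except (KeyError, AuthorizationError):
            pass
    return seen


if __name__ == "__main__":
    print("bob, vulnerable:", enumerate_as(3, get_user_vulnerable))   # every user and group
    print("bob, fixed:     ", enumerate_as(3, get_user_fixed))        # only bob's own record
    print("anon, fixed:    ", enumerate_as(None, get_user_fixed))     # nothing
```

Authenticated-only is not authorization. The check belongs in the data-access layer next to the query, so that every endpoint returning a user record, a group membership list, or an export goes through it rather than relying on each controller to remember.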

CVE-2024-38495 – Symantec Privileged Access Manager User Enumeration vulnerability
https://notcve.org/view.php?id=CVE-2024-38495
15 Jul 2024 — A specific authentication strategy allows a malicious attacker to learn the IDs of all PAM users defined in its database. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 •
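The advisory does not say which authentication strategy leaks user IDs, so the block below is an added illustration of the usual mechanism rather than PAM's code: a login path that answers differently, in message and in elapsed work, depending on whether the account exists. The uniform version always runs the same password derivation (against a dummy record when the user is unknown) and returns one message, so neither the response body nor the timing distinguishes "no such user" from "wrong password". Users, passwords and iteration count are constructed.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000   # constructed; tune to the deployment's latency budget


def hash_password(pw, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)


# constructed user store: name -> (salt, derived key)
USERS = {"alice": hash_password("correct horse")}

# a dummy record, derived once, so unknown users cost the same work as known ones
DUMMY = hash_password(secrets.token_hex(16))


def verify(pw, rec):
    salt, derived = rec
    return hmac.compare_digest(derived, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS))


def login_enumerable(user, pw):
    # the leak: unknown users get a distinct message and skip the expensive derivation
    rec = USERS.get(user)
    if rec is None:
        return "unknown user"
    if not verify(pw, rec):
        return "wrong password"
    return "ok"


def login_uniform(user, pw):
    # same code path, same work, same message whether or not the user exists
    rec = USERS.get(user, DUMMY)
    ok = verify(pw, rec)
    if ok and user in USERS:
        return "ok"
    return "invalid credentials"


if __name__ == "__main__":
    for fn in (login_enumerable, login_uniform):
        print(fn.__name__, fn("alice", "wrong"), "|", fn("mallory", "wrong"))
```

The same discipline applies to password reset, sign-up ("this address is already registered") and account lockout messages; each is a separate oracle if it behaves differently for existing accounts.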

CVE-2024-38494 – Symantec Privileged Access Manager Remote Command Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-38494
15 Jul 2024 — This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
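The CWE-444 tag says the root cause is two components disagreeing on where one HTTP request ends and the next begins. The block below is an added example, not PAM's parser: two deliberately lenient framers (one honouring Content-Length, one honouring Transfer-Encoding) split a constructed CL.TE request differently, so a "GET /admin/exec" that one of them never sees arrives at the other as a fresh request on an already-authenticated connection. A strict framer refuses every message whose length is open to interpretation, which is the fix at the HTTP layer (the RFC 9112 rules on message body length). Paths and hosts are constructed.

```python
import re


class AmbiguousRequest(ValueError):
    """Two reasonable parsers could disagree on where this message ends."""


def split_head(raw):
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise AmbiguousRequest("no end of headers")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower().decode("ascii"), value.strip().decode("ascii")))
    return lines[0].decode("ascii"), headers, rest


def decode_chunked(data):
    """Returns (body, bytes left over after the terminating 0-chunk)."""
    body, pos = b"", 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise AmbiguousRequest("truncated chunk size")
        size_str = data[pos:eol].split(b";")[0].strip()
        if not re.fullmatch(rb"[0-9a-fA-F]+", size_str):
            raise AmbiguousRequest("bad chunk size")
        size, pos = int(size_str, 16), eol + 2
        if size == 0:
            if data[pos:pos + 2] != b"\r\n":
                raise AmbiguousRequest("trailers not supported")
            return body, data[pos + 2:]
        if data[pos + size:pos + size + 2] != b"\r\n":
            raise AmbiguousRequest("truncated chunk")
        body += data[pos:pos + size]
        pos += size + 2


def parse_cl_only(raw):
    # lenient front end: honours Content-Length, ignores Transfer-Encoding
    line, headers, rest = split_head(raw)
    n = int(next((v for k, v in headers if k == "content-length"), "0"))
    return line, rest[:n], rest[n:]


def parse_te_only(raw):
    # lenient back end: honours Transfer-Encoding: chunked, ignores Content-Length
    line, headers, rest = split_head(raw)
    if any(k == "transfer-encoding" for k, _ in headers):
        body, rest = decode_chunked(rest)
        return line, body, rest
    return parse_cl_only(raw)


def parse_strict(raw):
    # rejects every framing that is open to interpretation instead of picking one
    line, headers, rest = split_head(raw)
    cls = [v for k, v in headers if k == "content-length"]
    tes = [v for k, v in headers if k == "transfer-encoding"]
    if cls and tes:
        raise AmbiguousRequest("both Content-Length and Transfer-Encoding present")
    if len(set(cls)) > 1 or any(not re.fullmatch(r"[0-9]+", v) for v in cls):
        raise AmbiguousRequest("conflicting or non-numeric Content-Length")
    if tes:
        codings = [c.strip().lower() for c in ",".join(tes).split(",")]
        if codings.count("chunked") != 1 or codings[-1] != "chunked":
            raise AmbiguousRequest("Transfer-Encoding must end with a single chunked")
        body, rest = decode_chunked(rest)
        return line, body, rest
    n = int(cls[0]) if cls else 0
    if len(rest) < n:
        raise AmbiguousRequest("body shorter than Content-Length")
    return line, rest[:n], rest[n:]


# constructed CL.TE payload: Content-Length covers the whole tail, so the CL parser sees
# one POST; the chunked parser stops at the 0-chunk and treats the GET as a second request
_TAIL = b"0\r\n\r\nGET /admin/exec HTTP/1.1\r\nHost: pam.example\r\n\r\n"
SMUGGLED = (b"POST /api/notify HTTP/1.1\r\nHost: pam.example\r\n"
            b"Content-Length: " + str(len(_TAIL)).encode() + b"\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n" + _TAIL)
CLEAN = (b"POST /api/notify HTTP/1.1\r\nHost: pam.example\r\n"
         b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")

if __name__ == "__main__":
    print("CL view leftover:", parse_cl_only(SMUGGLED)[2])   # b''
    print("TE view leftover:", parse_te_only(SMUGGLED)[2])   # b'GET /admin/exec ...'
    try:
        parse_strict(SMUGGLED)
    except AmbiguousRequest as e:
        print("strict:", e)
```

In a deployment the equivalent controls are: normalise or reject ambiguous framing at the first hop, use HTTP/2 end to end or at least disable connection reuse between the proxy and the application, and make sure the back end never treats a request as authenticated merely because it arrived on a connection that an authenticated request used earlier.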