
CVE-2023-4335 – Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
https://notcve.org/view.php?id=CVE-2023-4335
15 Aug 2023 — Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux • https://www.broadcom.com/support/resources/product-security-center • CWE-306: Missing Authentication for Critical Function

CVE-2023-4336 – Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute
https://notcve.org/view.php?id=CVE-2023-4336
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute • https://www.broadcom.com/support/resources/product-security-center

CVE-2023-4337 – Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
https://notcve.org/view.php?id=CVE-2023-4337
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation • https://www.broadcom.com/support/resources/product-security-center

CVE-2023-4338 – Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
https://notcve.org/view.php?id=CVE-2023-4338
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers • https://www.broadcom.com/support/resources/product-security-center

CVE-2023-4339 – Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
https://notcve.org/view.php?id=CVE-2023-4339
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions • https://www.broadcom.com/support/resources/product-security-center

CVE-2023-4340 – Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
https://notcve.org/view.php?id=CVE-2023-4340
15 Aug 2023 — Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file • https://www.broadcom.com/support/resources/product-security-center

CVE-2023-4341 – Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
https://notcve.org/view.php?id=CVE-2023-4341
15 Aug 2023 — Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI • https://www.broadcom.com/support/resources/product-security-center

CVE-2023-4342 – Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
https://notcve.org/view.php?id=CVE-2023-4342
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy • https://www.broadcom.com/support/resources/product-security-center

CVE-2023-4343 – Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
https://notcve.org/view.php?id=CVE-2023-4343
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter • https://www.broadcom.com/support/resources/product-security-center

CVE-2023-4344 – Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
https://notcve.org/view.php?id=CVE-2023-4344
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection • https://www.broadcom.com/support/resources/product-security-center • CWE-330: Use of Insufficiently Random Values • CWE-331: Insufficient Entropy