CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4329 – Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
https://notcve.org/view.php?id=CVE-2023-4329
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute La interfaz web de Broadcom RAID Controller es vulnerable debido a una configuración HTTP insegura por defecto que no protege la cookie SESSIONID con el atributo SameSite. • https://www.broadcom.com/support/resources/product-security-center •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4331 – Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
https://notcve.org/view.php?id=CVE-2023-4331
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols La interfaz web de Broadcom RAID Controller tiene una configuración TLS por defecto insegura que soporta protocolos TLS obsoletos y vulnerables. • https://www.broadcom.com/support/resources/product-security-center • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4332 – Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
https://notcve.org/view.php?id=CVE-2023-4332
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file La interfaz web de Broadcom RAID Controller es vulnerable debido a permisos inadecuados en el archivo de registro. • https://www.broadcom.com/support/resources/product-security-center • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4333 – Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
https://notcve.org/view.php?id=CVE-2023-4333
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server Broadcom RAID Controller Web Interface no aplica la orden de cifrado SSL por el servidor. • https://www.broadcom.com/support/resources/product-security-center •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4334 – Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
https://notcve.org/view.php?id=CVE-2023-4334
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication Broadcom RAID Controller Web Server (nginx) está sirviendo archivos privados sin ninguna autenticación. • https://www.broadcom.com/support/resources/product-security-center • CWE-306: Missing Authentication for Critical Function •