CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31925 – Storage of clear text password in Brocade SANnav
https://notcve.org/view.php?id=CVE-2023-31925
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. Brocade SANnav antes de v2.3.0 y v2.2.2a almacena las contraseñas de autenticación SNMPv3 en texto plano. Un usuario con privilegios podría recuperar estas credenciales con conocimiento y acceso a estos archivos de registro. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4163 – Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-4163
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. En Brocade Fabric OS antes de v9.2.0a, un usuario privilegiado autenticado localmente puede desencadenar una condición de desbordamiento de búfer, lo que lleva a un pánico del kernel con una gran entrada a los búferes en el comando portcfgfportbuffers. • https://security.netapp.com/advisory/ntap-20231130-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3489 – firmwaredownload command could log servers passwords in clear text
https://notcve.org/view.php?id=CVE-2023-3489
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. El comando firmwaredownload en Brocade Fabric OS v9.2.0 podría registrar la contraseña del servidor FTP/SFTP/SCP en texto plano en el archivo "SupportSave" al realizar un downgrade de Fabric OS v9.2.0 a culaquier versión anterior de Fabric OS. • https://security.netapp.com/advisory/ntap-20231124-0003 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4324 – Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
https://notcve.org/view.php?id=CVE-2023-4324
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers La interfaz web de Broadcom RAID Controller es vulnerable debido a la falta de seguridad de las cabeceras HTTP Content-Security-Policy. • https://www.broadcom.com/support/resources/product-security-center •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4325 – Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
https://notcve.org/view.php?id=CVE-2023-4325
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities La interfaz web de Broadcom RAID Controller es vulnerable debido al uso de Libcurl con LSA teniendo vulnerabilidades conocidas. • https://www.broadcom.com/support/resources/product-security-center •