
CVE-2023-31423 – Possible information exposure through log file vulnerability
https://notcve.org/view.php?id=CVE-2023-31423
31 Aug 2023 — Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to already collected Brocade SANnav "supportsave" outputs. • https://security.netapp.com/advisory/ntap-20240229-0003 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2023-31925 – Storage of clear text password in Brocade SANnav
https://notcve.org/view.php?id=CVE-2023-31925
31 Aug 2023 — Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2023-4163 – Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-4163
31 Aug 2023 — In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. • https://security.netapp.com/advisory/ntap-20231130-0001 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2023-3489 – firmwaredownload command could log servers passwords in clear text
https://notcve.org/view.php?id=CVE-2023-3489
30 Aug 2023 — The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. • https://security.netapp.com/advisory/ntap-20231124-0003 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2023-4324 – Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
https://notcve.org/view.php?id=CVE-2023-4324
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers. • https://www.broadcom.com/support/resources/product-security-center •

CVE-2023-4325 – Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
https://notcve.org/view.php?id=CVE-2023-4325
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities. • https://www.broadcom.com/support/resources/product-security-center •

CVE-2023-4326 – Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
https://notcve.org/view.php?id=CVE-2023-4326
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites. • https://www.broadcom.com/support/resources/product-security-center • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2023-4327 – Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
https://notcve.org/view.php?id=CVE-2023-4327
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux. • https://www.broadcom.com/support/resources/product-security-center • CWE-522: Insufficiently Protected Credentials •

CVE-2023-4328 – Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
https://notcve.org/view.php?id=CVE-2023-4328
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows. • https://www.broadcom.com/support/resources/product-security-center • CWE-522: Insufficiently Protected Credentials •

CVE-2023-4329 – Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
https://notcve.org/view.php?id=CVE-2023-4329
15 Aug 2023 — Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute. • https://www.broadcom.com/support/resources/product-security-center •