CVSS: 8.1EPSS: 9%CPEs: 2EXPL: 2CVE-2018-6443 – Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-6443
22 Jan 2019 — A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console. Una vulnerabilidad en Brocade Network Advisor Versions, en versiones anteriores a... • https://packetstorm.news/files/id/153035 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 0CVE-2018-6444
https://notcve.org/view.php?id=CVE-2018-6444
22 Jan 2019 — A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands. Una vulnerabilidad en Brocade Network Advisor, en versiones anteriores a la 14.1.0, podría permitir a un usuario remoto no autenticado ejecutar código arbitrario. La vulnerabilidad podría explotarse para ejecutar comandos arbitrarios del sistema operativo. • https://security.netapp.com/advisory/ntap-20190411-0005 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6445
https://notcve.org/view.php?id=CVE-2018-6445
22 Jan 2019 — A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords. Una vulnerabilidad en Brocade Network Advisor, en versiones anteriores a la 14.0.3, podría permitir a un atacante remoto no autenticado exportar la base de datos del usuario actual que ... • https://security.netapp.com/advisory/ntap-20190411-0005 •