Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistBrocadeCVELIST:CVE-2022-28169
HistoryOct 25, 2022 - 12:00 a.m.

CVE-2022-28169

2022-10-2500:00:00
brocade
raw.githubusercontent.com

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator’s authorization header.

Related

broadcom 2
cve 1
prion 1
broadcom
broadcom
BSA-2022-2075
2022-09-13 00:00:00
CVE-2022-28169 - Brocade Fabric OS Privilege Escalation Vulnerability (BSA-2022-2075)
2022-09-13 00:00:00
cve
cve
CVE-2022-28169
2022-10-25 21:15:00
prion
prion
Authorization
2022-10-25 21:15:00

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON
Related for CVELIST:CVE-2022-28169
broadcom2cve1prion1