228 matches found
Authentication flaw
Broadcom RAID Controller Web server nginx is serving private server-side files without any authentication on Linux...
CVE-2023-4328 Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows...
CVE-2023-4326
The CVE-2023-4326 entry concerns the Broadcom RAID Controller web interface, where the vulnerability arises from an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites. Affected component is the web interface of Broadcom RAID Controllers; root cause is weak TLS ciphe...
CVE-2023-4325
CVE-2023-4325 affects the Broadcom RAID Controller web interface, where the vulnerability stems from the software’s usage of Libcurl with LSA. The entry is supported by multiple connected sources (Red Hat, NVD, CVE listing, PT Security, CNNVD, Intel advisory) that describe the issue in t...
CVE-2023-4326 Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites...
CVE-2023-4327 Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux...
CVE-2023-4327
The CVE-2023-4327 entry concerns Broadcom RAID Controller web interface, where encryption keys are exposed to any local user on Linux. Affected software is the Broadcom RAID Controller web interface; root cause is exposure of sensitive data via the web UI, enabling access to encryption keys with ...
CVE-2023-4328
CVE-2023-4328 affects the Broadcom RAID Controller web interface. The vulnerability allows exposure of encryption keys and other sensitive data to any local user on Windows through the web interface, with impact to confidentiality (C:H) and local attack vector. CVSS: Local access, low privileges,...
CVE-2023-4329 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...
CVE-2023-4329
CVE-2023-4329 affects Broadcom RAID Controller web interface / Broadcom RAID Web Console Software, as described across multiple sources in the connected documents. The vulnerability arises from an insecure default HTTP configuration that fails to safeguard the SESSIONID cookie with the S...
CVE-2023-4325 Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities...
CVE-2023-4324 Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers...
CVE-2023-4324
The CVE-2023-4324 entry describes a vulnerability in the Broadcom RAID Controller web interface due to insecure defaults lacking HTTP Content-Security-Policy headers. Affected component: Broadcom RAID Controller Web Interface. Root cause: missing CSP headers in the web UI. Reported impact in sour...
CVE-2023-4331 Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols...
CVE-2023-4333
CVE-2023-4333 affects the Broadcom RAID Controller web interface, where the server does not enforce SSL cipher ordering. The NVD entry notes a Low attack vector and Low privileges required with Local access, and a High confidentiality impact but no integrity/availability impact. The connected Red...
CVE-2023-4335
The CVE-2023-4335 issue affects the Broadcom RAID Controller Web server (nginx) on Linux, where private server-side files are served without authentication due to a flaw in access control. Impact is exposure of confidential information; CVSS base score 7.5 (HIGH) with network attack vector and no...