4 matches found
CVE-2024-1509
CVE-2024-1509 affects Brocade ASCG prior to version 3.2.0, where the web interface does not enforce HTTP Strict Transport Security (HSTS) for ports 8030 and 8100. Root cause: missing HSTS enforcement increases susceptibility to downgrade and SSL-stripping MITM attacks and weakens cookie-hijacking...
CVE-2025-6391
CVE-2025-6391 affects Brocade ASCG prior to 3.3.0. The issue arises from logging JSON Web Tokens (JWT) in log files, enabling an attacker with log access to withdraw unencrypted tokens, potentially leading to unauthorized access, session hijacking, and information disclosure. Public-coverage in m...
CVE-2025-7398
The CVE-2025-7398 issue affects Brocade ASCG prior to version 3.3.0. The vulnerability arises from the use of medium-strength cryptography on internal ports 9000 and 8036, potentially reducing cryptographic strength for traffic on those ports. Descriptions across multiple sources consistently ref...
CVE-2026-0869
CVE-2026-0869 describes an authentication bypass in Brocade ASCG 3.4.0, enabling an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration. The vulnerability could also disable the ASCG application or disable BSL data collection on fabric sw...