22 matches found
CVE-2023-4335
The CVE-2023-4335 issue affects the Broadcom RAID Controller Web server (nginx) on Linux, where private server-side files are served without authentication due to a flaw in access control. Impact is exposure of confidential information; CVSS base score 7.5 (HIGH) with network attack vector and no...
CVE-2023-4336
CVE-2023-4336 affects the Broadcom RAID Controller web interface. Root cause: insecure default HTTP configuration that fails to set the Secure attribute on cookies. Reported impact includes high confidentiality, integrity, and availability concerns (network exploitability with no user interaction; b...
CVE-2023-4328
CVE-2023-4328 affects the Broadcom RAID Controller web interface. The vulnerability allows exposure of encryption keys and other sensitive data to any local user on Windows through the web interface, with impact to confidentiality (C:H) and local attack vector. CVSS: Local access, low privileges,...
CVE-2023-4326
The CVE-2023-4326 entry concerns the Broadcom RAID Controller web interface, where the vulnerability arises from an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites. Affected component is the web interface of Broadcom RAID Controllers; root cause is weak TLS ciphe...
CVE-2023-4323
CVE-2023-4323 affects Broadcom RAID Controller web interface, with the vulnerability in improper session management of active sessions on Gateway setup. The Red Hat and NVD entries corroborate, describing a critical issue (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) that allows network access...
CVE-2023-4324
The CVE-2023-4324 entry describes a vulnerability in the Broadcom RAID Controller web interface due to insecure defaults lacking HTTP Content-Security-Policy headers. Affected component: Broadcom RAID Controller Web Interface. Root cause: missing CSP headers in the web UI. Reported impact in sour...
CVE-2023-4325
CVE-2023-4325 affects the Broadcom RAID Controller web interface, where the vulnerability stems from the software’s usage of Libcurl with LSA. The entry is supported by multiple connected sources (Red Hat, NVD, CVE listing, PT Security, CNNVD, Intel advisory) that describe the issue in t...
CVE-2023-4327
The CVE-2023-4327 entry concerns Broadcom RAID Controller web interface, where encryption keys are exposed to any local user on Linux. Affected software is the Broadcom RAID Controller web interface; root cause is exposure of sensitive data via the web UI, enabling access to encryption keys with ...
CVE-2023-4334
The CVE-2023-4334 issue affects Broadcom RAID Controller Web server (nginx); the vulnerability arises because the web server serves private files without requiring authentication, enabling exposure of private data over the network. Public sources in the connected documents corroborate that unauth...
CVE-2023-4343
CVE-2023-4343 affects the Broadcom RAID Controller web interface, where sensitive password information is exposed in the URL as a search parameter. This leads to potential information disclosure by inspecting URLs. The provided documents do not include explicit exploit details or a mitigated/fixe...
CVE-2023-4338
CVE-2023-4338 concerns the Broadcom RAID Controller web interface, where an insecure default HTTP configuration fails to set the X-Content-Type-Options header. The CVE entry is supported by multiple connected sources, which identify the affected component as the Broadcom/Intel RAID Web Console in...
CVE-2023-4329
CVE-2023-4329 affects the Broadcom RAID Controller web interface / Broadcom RAID Web Console Software, as described across multiple sources in the connected documents. The vulnerability arises from an insecure default HTTP configuration that fails to safeguard the SESSIONID cookie with the S...
CVE-2023-4339
CVE-2023-4339 affects the Broadcom RAID Controller web interface. The vulnerability is the exposure of CIM private keys stored with insecure file permissions, leading to potential confidentiality impact. Root cause: CIM private keys stored in insecure permissions on the Broadcom RAID Controller w...
CVE-2023-4342
CVE-2023-4342 affects the Broadcom RAID Controller web interface. Root cause: insecure defaults due to a missing HTTP Strict-Transport-Security policy. Documented impact indicates high confidentiality, integrity, and availability risk from a network-accessible web interface, with exploitation det...
CVE-2023-4345
CVE-2023-4345 affects Broadcom RAID Controller web interface, describing a client-side control bypass that can lead to unauthorized data access by a low-privileged user. The NVD entry assigns CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (base 6.5, MEDIUM) with high confidentiality impact and no ...
CVE-2023-4341
CVE-2023-4341 affects the Broadcom RAID Controller. The vulnerability allows privilege escalation to root by exploiting insecure folder creation via the Web GUI. The NVD entry notes a high-severity impact (CVSSv3.1: 9.8, HIGH for confidentiality, integrity, and availability; network attack vector...
CVE-2023-4344
Summary: CVE-2023-4344 affects the Broadcom RAID Controller web interface, where the vulnerability stems from insufficient randomness due to improper use of ssl.rnd to set up CIM connections. Affected product/where it’s exposed: Broadcom RAID Controller web interface (Broadcom RAID Controller fam...
CVE-2023-4333
CVE-2023-4333 affects the Broadcom RAID Controller web interface, where the server does not enforce SSL cipher ordering. The NVD entry notes a Low attack vector and Low privileges required with Local access, and a High confidentiality impact but no integrity/availability impact. The connected Red...
CVE-2023-4331
CVE-2023-4331 concerns the Broadcom RAID Controller web interface, which is described as using an insecure default TLS configuration that supports obsolete and vulnerable TLS protocols. The combination of a network-accessible web interface and weak TLS, per the sources, implies potential confiden...
CVE-2023-4337
CVE-2023-4337 affects the Broadcom RAID Controller web interface. The vulnerability arises from improper session handling of gateway-installed managed servers. Based on NVD metrics, it is a CRITICAL issue (CVSS v3.1: 9.8) with network access, no user interaction required, and high impact to confi...
CVE-2023-4340
Summary: CVE-2023-4340 affects the Broadcom RAID Controller, enabling privilege escalation by exploiting how session prints are logged. The vulnerability description appears consistently across initial and connected records (Red Hat, NVD, CNNVD, CVE listing). Affected product/area: Broadcom RAID ...
CVE-2023-4332
CVE-2023-4332 affects Broadcom RAID Controller web interface. The vulnerability arises from improper permissions on the log file, enabling unauthorized access to log data. The base CVSS v3.1 score is 7.5 (High) with Confidentiality Impact: High; other impacts are None. The issue is documented acr...