Vulnerabilities (CVE)

Filtered by vendor Broadcom Subscribe
Filtered by product Raid Controller Web Interface
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4344 1 Broadcom 1 Raid Controller Web Interface 2024-10-08 N/A 9.8 CRITICAL
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
CVE-2023-4333 2 Broadcom, Microsoft 2 Raid Controller Web Interface, Windows 2024-09-25 N/A 5.5 MEDIUM
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
CVE-2023-4328 2 Broadcom, Linux 2 Raid Controller Web Interface, Linux Kernel 2024-09-25 N/A 5.5 MEDIUM
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
CVE-2023-4327 2 Broadcom, Linux 2 Raid Controller Web Interface, Linux Kernel 2024-09-25 N/A 5.5 MEDIUM
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
CVE-2023-4332 1 Broadcom 1 Raid Controller Web Interface 2024-09-05 N/A 7.5 HIGH
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
CVE-2023-4331 1 Broadcom 1 Raid Controller Web Interface 2024-09-05 N/A 7.5 HIGH
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
CVE-2023-4326 1 Broadcom 1 Raid Controller Web Interface 2024-09-05 N/A 7.5 HIGH
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
CVE-2023-4329 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 9.8 CRITICAL
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
CVE-2023-4334 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 7.5 HIGH
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
CVE-2023-4338 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 9.8 CRITICAL
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
CVE-2023-4336 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 9.8 CRITICAL
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute
CVE-2023-4341 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 9.8 CRITICAL
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
CVE-2023-4342 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 9.8 CRITICAL
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
CVE-2023-4339 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 7.5 HIGH
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
CVE-2023-4343 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 7.5 HIGH
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
CVE-2023-4323 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 9.8 CRITICAL
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
CVE-2023-4345 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 6.5 MEDIUM
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user
CVE-2023-4335 2 Broadcom, Linux 2 Raid Controller Web Interface, Linux Kernel 2024-02-05 N/A 7.5 HIGH
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
CVE-2023-4340 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 9.8 CRITICAL
Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
CVE-2023-4325 1 Broadcom 1 Raid Controller Web Interface 2024-02-05 N/A 9.8 CRITICAL
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities