Security Vulnerabilities - CVEs Published In August 2023
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2023-08-15

Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2023-08-15

Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2023-08-15

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2023-08-15

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2023-08-15

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2023-08-15

Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2023-08-15

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2023-08-15

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2023-08-15

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2023-08-15

