Broadcom: >> Raid Controller Web Interface Security Vulnerabilities
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-15
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-15
Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-15
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-15
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-15
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-15
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-15
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-15
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-15
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-15