Broadcom: Security Vulnerabilities
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
CVSS Score
8.8
EPSS Score
0.009
Published
2020-04-15
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.
CVSS Score
8.1
EPSS Score
0.003
Published
2020-04-15
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-04-15
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-04-15
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-04-15
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-04-10
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVSS Score
6.1
EPSS Score
0.113
Published
2020-04-02
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. The Samsung ID is SVE-2019-15724 (November 2019).
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-24
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019).
CVSS Score
6.5
EPSS Score
0.0
Published
2020-03-24
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
CVSS Score
9.8
EPSS Score
0.809
Published
2020-02-18