Vulnerabilities > Broadcom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-21 | CVE-2022-43933 | Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. | 4.4 |
| 2024-11-21 | CVE-2022-43934 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Brocade Sannav Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. | 7.5 |
| 2024-11-21 | CVE-2022-43935 | Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. | 4.4 |
| 2024-11-21 | CVE-2022-43936 | Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. | 4.9 |
| 2024-11-21 | CVE-2022-43937 | Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a | 5.5 |
| 2024-11-21 | CVE-2024-10403 | Files or Directories Accessible to External Parties vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. | 7.5 |
| 2024-11-12 | CVE-2024-7516 | Missing Authentication for Critical Function vulnerability in Broadcom Fabric Operating System A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin. | 7.1 |
| 2024-07-15 | CVE-2024-38493 | Cross-site Scripting vulnerability in Broadcom Symantec Privileged Access Management 4.1.0.0/4.1.0.10 A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. | 6.1 |
| 2024-07-09 | CVE-2024-3596 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | 9.0 |
| 2024-06-26 | CVE-2024-29953 | Insecure Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. | 4.3 |