Vulnerabilities > Broadcom

DATE CVE VULNERABILITY TITLE RISK
2022-07-07 CVE-2021-46825 Improper Authentication vulnerability in Broadcom Advanced Secure Gateway and Proxysg
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability.
network
low complexity
broadcom CWE-287
6.4
2022-06-27 CVE-2022-28166 Unspecified vulnerability in Broadcom Sannav 2.1.0/2.1.1/2.2.0.0
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.
network
low complexity
broadcom
5.0
2022-06-27 CVE-2022-28167 Insecure Storage of Sensitive Information vulnerability in Broadcom Sannav 2.1.0/2.1.1/2.2.0.0
Brocade SANnav before Brocade SANvav v.
network
low complexity
broadcom CWE-922
4.0
2022-06-27 CVE-2022-28168 Insecure Storage of Sensitive Information vulnerability in Broadcom Sannav 2.1.0/2.1.1/2.2.0.0
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.
network
low complexity
broadcom CWE-922
5.0
2022-06-24 CVE-2021-30651 Insufficiently Protected Credentials vulnerability in Broadcom Symantec Messaging Gateway 10.7/10.7.4
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.
network
low complexity
broadcom CWE-522
4.0
2022-06-16 CVE-2022-33739 XML Injection (aka Blind XPath Injection) vulnerability in Broadcom CA Clarity 15.9.0
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.
network
low complexity
broadcom CWE-91
5.0
2022-06-16 CVE-2022-33750 Improper Authentication vulnerability in Broadcom CA Automic Automation 12.2/12.3
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.
network
low complexity
broadcom CWE-287
7.5
2022-06-16 CVE-2022-33751 Exposure of Resource to Wrong Sphere vulnerability in Broadcom CA Automic Automation 12.2/12.3
CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.
network
low complexity
broadcom CWE-668
5.0
2022-06-16 CVE-2022-33752 Improper Input Validation vulnerability in Broadcom CA Automic Automation 12.2/12.3
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
network
low complexity
broadcom CWE-20
7.5
2022-06-16 CVE-2022-33753 Exposure of Resource to Wrong Sphere vulnerability in Broadcom CA Automic Automation 12.2/12.3
CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.
network
low complexity
broadcom CWE-668
6.5