Vulnerabilities > Broadcom

DATE CVE VULNERABILITY TITLE RISK
2022-12-16 CVE-2022-25626 Improper Authentication vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4
An unauthenticated user can access specific page URLs of Identity Manager’s management console.
network
low complexity
broadcom CWE-287
5.3
2022-12-16 CVE-2022-25627 Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on the Management Console in Symantec Identity Manager 14.4.
local
low complexity
broadcom
6.7
2022-12-16 CVE-2022-25628 XXE vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4
An authenticated user can perform XML External Entity (XXE) injection in the Management Console in Symantec Identity Manager 14.4.
network
low complexity
broadcom CWE-611
8.8
2022-12-09 CVE-2022-33187 Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs.
network
low complexity
broadcom CWE-532
4.9
2022-12-01 CVE-2022-37016 Improper Privilege Management vulnerability in Broadcom Symantec Endpoint Protection
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
network
low complexity
broadcom CWE-269
critical
9.8
2022-12-01 CVE-2022-37017 Incorrect Authorization vulnerability in Broadcom Symantec Endpoint Protection
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls.
network
low complexity
broadcom CWE-863
7.5
2022-10-25 CVE-2022-28169 Improper Privilege Management vulnerability in Broadcom Fabric Operating System
Brocade Webtools in Brocade Fabric OS versions before v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights or privileges beyond what is intended or entitled for that user.
network
low complexity
broadcom CWE-269
8.8
2022-10-25 CVE-2022-28170 Insecure Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements.
local
low complexity
broadcom CWE-922
6.5
2022-10-25 CVE-2022-33178 Improper Input Validation vulnerability in Broadcom Fabric Operating System
A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
network
low complexity
broadcom CWE-20
7.2
2022-10-25 CVE-2022-33179 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.
local
low complexity
broadcom
8.8