Vulnerabilities > Broadcom

DATE CVE VULNERABILITY TITLE RISK
2021-01-05 CVE-2020-29478 Unspecified vulnerability in Broadcom CA Service Catalog 17.2/17.3
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.
network
low complexity
broadcom
5.0
2020-12-10 CVE-2020-12595 Unspecified vulnerability in Broadcom Symantec Messaging Gateway
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access.
network
low complexity
broadcom
4.0
2020-12-10 CVE-2020-12594 Improper Privilege Management vulnerability in Broadcom Symantec Messaging Gateway
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance.
network
low complexity
broadcom CWE-269
critical
9.0
2020-11-23 CVE-2020-28421 Improper Privilege Management vulnerability in Broadcom Unified Infrastructure Management
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
local
low complexity
broadcom CWE-269
4.6
2020-06-29 CVE-2018-6446 Use of Hard-Coded Credentials vulnerability in Broadcom Brocade Network Advisor
A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications.
7.5
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.8
2020-04-15 CVE-2020-11660 Information Exposure vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
network
low complexity
broadcom CWE-200
4.0
2020-04-15 CVE-2020-11659 Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
network
low complexity
broadcom CWE-639
4.0
2020-04-15 CVE-2020-11658 Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
network
low complexity
broadcom CWE-639
7.5
2020-04-15 CVE-2020-11666 Improper Privilege Management vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
network
low complexity
broadcom CWE-269
6.5