Vulnerabilities > Broadcom > Fabric Operating System > 8.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-09 | CVE-2020-15387 | Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav and Fabric Operating System The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. | 5.8 |
| 2021-06-09 | CVE-2020-15383 | Unspecified vulnerability in Broadcom Fabric Operating System Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. | 5.0 |
| 2020-12-11 | CVE-2020-15376 | Unspecified vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups. | 4.0 |
| 2020-12-11 | CVE-2020-15375 | Improper Input Validation vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. | 4.6 |
| 2020-09-25 | CVE-2018-6449 | Cross-site Scripting vulnerability in Broadcom Fabric Operating System Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers | 4.3 |
| 2020-09-25 | CVE-2018-6448 | Unspecified vulnerability in Broadcom Fabric Operating System A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host. | 5.0 |
| 2020-09-25 | CVE-2018-6447 | Cross-site Scripting vulnerability in Broadcom Fabric Operating System A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account. | 3.5 |
| 2020-09-25 | CVE-2020-15372 | Improper Control of Dynamically-Managed Code Resources vulnerability in Broadcom Fabric Operating System A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. | 2.1 |
| 2020-09-25 | CVE-2020-15371 | Unspecified vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. | 7.5 |
| 2018-12-03 | CVE-2018-6440 | Unspecified vulnerability in Broadcom Fabric Operating System A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack. | 6.4 |