Vulnerabilities > Broadcom > Fabric Operating System > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2018-6447 Cross-site Scripting vulnerability in Broadcom Fabric Operating System
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.
network
low complexity
broadcom CWE-79
5.4
2020-09-25 CVE-2020-15372 Improper Control of Dynamically-Managed Code Resources vulnerability in Broadcom Fabric Operating System
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.
local
low complexity
broadcom CWE-913
5.5
2020-09-25 CVE-2020-15370 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext.
network
low complexity
broadcom CWE-532
6.5
2020-05-28 CVE-2020-13645 Improper Certificate Validation vulnerability in multiple products
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity.
6.5
2018-11-08 CVE-2018-6433 Improper Input Validation vulnerability in Broadcom Fabric Operating System
A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system.
local
low complexity
broadcom CWE-20
5.5
2018-02-08 CVE-2017-6227 A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
low complexity
brocade broadcom
6.5
2018-02-08 CVE-2017-6225 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
network
low complexity
brocade broadcom CWE-79
6.1
2016-08-22 CVE-2016-4376 7PK - Security Features vulnerability in Broadcom Fabric Operating System
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
broadcom CWE-254
6.5