Vulnerabilities > Broadcom > Fabric Operating System > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-25 | CVE-2018-6447 | Cross-site Scripting vulnerability in Broadcom Fabric Operating System A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account. | 5.4 |
2020-09-25 | CVE-2020-15372 | Improper Control of Dynamically-Managed Code Resources vulnerability in Broadcom Fabric Operating System A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. | 5.5 |
2020-09-25 | CVE-2020-15370 | Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. | 6.5 |
2020-05-28 | CVE-2020-13645 | Improper Certificate Validation vulnerability in multiple products In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. | 6.5 |
2018-11-08 | CVE-2018-6433 | Improper Input Validation vulnerability in Broadcom Fabric Operating System A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system. | 5.5 |
2018-02-08 | CVE-2017-6227 | A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. | 6.5 |
2018-02-08 | CVE-2017-6225 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. | 6.1 |
2016-08-22 | CVE-2016-4376 | 7PK - Security Features vulnerability in Broadcom Fabric Operating System HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. | 6.5 |