Vulnerabilities > Broadcom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2023-23951 | Cross-site Scripting vulnerability in Broadcom products Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application | 6.1 |
| 2023-01-20 | CVE-2022-25631 | Unspecified vulnerability in Broadcom Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated | 7.8 |
| 2022-12-16 | CVE-2022-25626 | Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4 An unauthenticated user can access Identity Manager’s management console specific page URLs. | 5.3 |
| 2022-12-16 | CVE-2022-25627 | Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4 An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4 | 6.7 |
| 2022-12-16 | CVE-2022-25628 | XXE vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4 An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 | 8.8 |
| 2022-12-09 | CVE-2022-33187 | Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. | 4.9 |
| 2022-12-01 | CVE-2022-37016 | Unspecified vulnerability in Broadcom Symantec Endpoint Protection Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 9.8 |
| 2022-12-01 | CVE-2022-37017 | Unspecified vulnerability in Broadcom Symantec Endpoint Protection Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. | 7.5 |
| 2022-10-25 | CVE-2022-28169 | Improper Privilege Management vulnerability in Broadcom Fabric Operating System Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. | 8.8 |
| 2022-10-25 | CVE-2022-28170 | Insecure Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. | 6.5 |