Vulnerabilities > Broadcom
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-02-21 | CVE-2021-27797 | Use of Hard-coded Credentials vulnerability in Broadcom Fabric Operating System | Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system. | 9.8 |
2022-02-18 | CVE-2021-30650 | Cross-site Scripting vulnerability in Broadcom Layer7 API Management Oauth Toolkit 4.4 | A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. | 6.1 |
2022-02-14 | CVE-2022-23992 | Improper Input Validation vulnerability in Broadcom Xcom Data Transport 11.6 | XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | 9.8 |
2022-02-11 | CVE-2021-45386 | Reachable Assertion vulnerability in Broadcom Tcpreplay 4.3.4 | tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c. | 5.5 |
2022-02-11 | CVE-2021-45387 | Reachable Assertion vulnerability in Broadcom Tcpreplay 4.3.4 | tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. | 5.5 |
2022-02-04 | CVE-2022-22689 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Broadcom CA Harvest Software Change Manager | CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1 contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. | 8.8 |
2022-01-18 | CVE-2022-23083 | Cross-site Scripting vulnerability in Broadcom products | NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain an XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine. | 6.1 |
2022-01-18 | CVE-2022-23302 | Deserialization of Untrusted Data vulnerability in multiple products | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. | 8.8 |
2022-01-18 | CVE-2022-23305 | SQL Injection vulnerability in multiple products | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. | 9.8 |
2021-12-02 | CVE-2021-44050 | SQL Injection vulnerability in Broadcom CA Network Flow Analysis | CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | 6.5 |