Vulnerabilities > Broadcom > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-16 CVE-2022-33750 Improper Authentication vulnerability in Broadcom CA Automic Automation 12.2/12.3
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.
network
low complexity
broadcom CWE-287
critical
9.8
2022-06-16 CVE-2022-33752 Improper Input Validation vulnerability in Broadcom CA Automic Automation 12.2/12.3
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
network
low complexity
broadcom CWE-20
critical
9.8
2022-06-16 CVE-2022-33754 Improper Input Validation vulnerability in Broadcom CA Automic Automation 12.2/12.3
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
network
low complexity
broadcom CWE-20
critical
9.8
2022-05-06 CVE-2022-28163 SQL Injection vulnerability in Broadcom SANnav 2.1.0/2.1.1/2.1.1.8
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.
network
low complexity
broadcom CWE-89
critical
9.8
2022-02-21 CVE-2021-27797 Use of Hard-coded Credentials vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
network
low complexity
broadcom CWE-798
critical
9.8
2022-02-14 CVE-2022-23992 Improper Input Validation vulnerability in Broadcom XCOM Data Transport 11.6
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
network
low complexity
broadcom CWE-20
critical
9.8
2022-01-18 CVE-2022-23305 SQL Injection vulnerability in multiple products
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.
network
low complexity
apache netapp broadcom qos oracle CWE-89
critical
9.8
2021-11-12 CVE-2021-42774 Classic Buffer Overflow vulnerability in Broadcom Emulex HBA Manager
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks.
network
low complexity
broadcom CWE-120
critical
9.8
2021-11-12 CVE-2021-42775 Unspecified vulnerability in Broadcom Emulex HBA Manager
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host.
network
low complexity
broadcom
critical
9.1
2021-11-03 CVE-2021-42772 Classic Buffer Overflow vulnerability in Broadcom Emulex HBA Manager and ONE Command Manager
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks.
network
low complexity
broadcom CWE-120
critical
9.8