Vulnerabilities > Broadcom > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
9.0
2021-06-30 CVE-2021-30648 Improper Authentication vulnerability in Broadcom products
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability.
network
low complexity
broadcom CWE-287
critical
9.8
2021-06-09 CVE-2020-15377 Server-Side Request Forgery (SSRF) vulnerability in Broadcom Sannav 2.1.0
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).
network
low complexity
broadcom CWE-918
critical
9.8
2020-09-25 CVE-2019-16211 Insufficiently Protected Credentials vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1/2.0
Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.
network
low complexity
broadcom CWE-522
critical
9.8
2020-09-25 CVE-2020-15374 Unspecified vulnerability in Broadcom Fabric Operating System
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.
network
low complexity
broadcom
critical
9.8
2020-09-25 CVE-2020-15373 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Fabric Operating System
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.
network
low complexity
broadcom CWE-119
critical
9.8
2020-09-25 CVE-2020-15371 Code Injection vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.
network
low complexity
broadcom CWE-94
critical
9.8
2020-06-29 CVE-2018-6446 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Network Advisor
A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.
network
low complexity
broadcom CWE-798
critical
9.8
2020-05-08 CVE-2020-12740 Out-of-bounds Read vulnerability in multiple products
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation.
network
low complexity
broadcom fedoraproject CWE-125
critical
9.1
2020-04-15 CVE-2020-11658 Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
network
low complexity
broadcom CWE-639
critical
9.8