Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-12 CVE-2021-27794 Improper Authentication vulnerability in Broadcom Fabric Operating System
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
local
low complexity
broadcom CWE-287
7.8
2021-06-09 CVE-2020-15379 Improper Input Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1/2.0
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.
network
low complexity
broadcom CWE-20
7.5
2021-06-09 CVE-2020-15380 Information Exposure Through Log Files vulnerability in Broadcom Sannav 2.1.0
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
network
low complexity
broadcom CWE-532
7.5
2021-06-09 CVE-2020-15387 Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav and Fabric Operating System
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
network
high complexity
broadcom CWE-326
7.4
2021-06-09 CVE-2020-15381 Insufficiently Protected Credentials vulnerability in Broadcom Sannav 2.1.0
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.
network
low complexity
broadcom CWE-522
7.5
2021-06-09 CVE-2020-15382 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.
network
low complexity
broadcom CWE-798
7.2
2021-06-09 CVE-2020-15383 Unspecified vulnerability in Broadcom Fabric Operating System
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
network
low complexity
broadcom
7.5
2021-04-22 CVE-2021-23133 Race Condition vulnerability in multiple products
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process.
7.0
2021-03-26 CVE-2021-28248 Improper Restriction of Excessive Authentication Attempts vulnerability in Broadcom Ehealth
CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts.
network
low complexity
broadcom CWE-307
7.5
2021-03-26 CVE-2021-28246 Untrusted Search Path vulnerability in Broadcom Ehealth
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library.
local
low complexity
broadcom CWE-426
7.8