Vulnerabilities > Broadcom > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-12 | CVE-2021-27794 | Improper Authentication vulnerability in Broadcom Fabric Operating System A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST. | 7.8 |
| 2021-06-09 | CVE-2020-15379 | Improper Input Validation vulnerability in Broadcom Brocade Sannav Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. | 7.5 |
| 2021-06-09 | CVE-2020-15380 | Information Exposure Through Log Files vulnerability in Broadcom Sannav 2.1.0 Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | 7.5 |
| 2021-06-09 | CVE-2020-15387 | Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav and Fabric Operating System The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. | 7.4 |
| 2021-06-09 | CVE-2020-15381 | Insufficiently Protected Credentials vulnerability in Broadcom Sannav 2.1.0 Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. | 7.5 |
| 2021-06-09 | CVE-2020-15382 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. | 7.2 |
| 2021-06-09 | CVE-2020-15383 | Unspecified vulnerability in Broadcom Fabric Operating System Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. | 7.5 |
| 2021-04-22 | CVE-2021-23133 | Race Condition vulnerability in multiple products A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. | 7.0 |
| 2021-03-26 | CVE-2021-28248 | Improper Restriction of Excessive Authentication Attempts vulnerability in Broadcom Ehealth CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. | 7.5 |
| 2021-03-26 | CVE-2021-28246 | Untrusted Search Path vulnerability in Broadcom Ehealth CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. | 7.8 |