Vulnerabilities > Broadcom > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-23949 Cross-site Scripting vulnerability in Broadcom products
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.
network
low complexity
broadcom CWE-79
5.4
2023-01-26 CVE-2023-23950 Cross-site Scripting vulnerability in Broadcom products
User-supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
network
low complexity
broadcom CWE-79
6.1
2023-01-26 CVE-2023-23951 Cross-site Scripting vulnerability in Broadcom products
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application.
network
low complexity
broadcom CWE-79
6.1
2022-12-16 CVE-2022-25626 Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4
An unauthenticated user can access Identity Manager’s management console specific page URLs.
network
low complexity
broadcom
5.3
2022-12-16 CVE-2022-25627 Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4.
local
low complexity
broadcom
6.7
2022-12-09 CVE-2022-33187 Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs.
network
low complexity
broadcom CWE-532
4.9
2022-10-25 CVE-2022-28170 Insecure Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements.
local
low complexity
broadcom CWE-922
6.5
2022-10-25 CVE-2022-33180 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export sensitive files with “seccryptocfg” and “configupload”.
local
low complexity
broadcom
5.5
2022-10-25 CVE-2022-33181 Unspecified vulnerability in Broadcom Fabric Operating System
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
local
low complexity
broadcom
5.5
2022-08-05 CVE-2021-27798 Path Traversal vulnerability in Broadcom Fabric Operating System 7.3.1D/7.4.1B
A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory traversal.
local
low complexity
broadcom CWE-22
5.5