Version 0

CVE-2023-4324

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers

UNKNOWN Published Aug 15, 2023

CVE-2023-4325

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities

UNKNOWN Published Aug 15, 2023

CVE-2023-4326

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites

UNKNOWN Published Aug 15, 2023

CVE-2023-4327

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux

UNKNOWN Published Aug 15, 2023

CVE-2023-4328

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows

UNKNOWN Published Aug 15, 2023

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

UNKNOWN Published Aug 15, 2023

CVE-2023-4331

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols

UNKNOWN Published Aug 15, 2023

CVE-2023-4332

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file

UNKNOWN Published Aug 15, 2023

CVE-2023-4333

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server

UNKNOWN Published Aug 15, 2023

CVE-2023-4334

Broadcom RAID Controller Web server (nginx) is serving private files without any authentication

UNKNOWN Published Aug 15, 2023

CVE-2023-4335

Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux

UNKNOWN Published Aug 15, 2023

CVE-2023-4336

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute

UNKNOWN Published Aug 15, 2023

CVE-2023-4337

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation

UNKNOWN Published Aug 15, 2023

CVE-2023-4338

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers

UNKNOWN Published Aug 15, 2023

CVE-2023-4339

Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions

UNKNOWN Published Aug 15, 2023

CVE-2023-4340

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file

UNKNOWN Published Aug 15, 2023

CVE-2023-4341

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI

UNKNOWN Published Aug 15, 2023

CVE-2023-4342

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy

UNKNOWN Published Aug 15, 2023

CVE-2023-4343

Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter

UNKNOWN Published Aug 15, 2023

CVE-2023-4344

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection

UNKNOWN CVSS 9.8 Published Aug 15, 2023

CVE-2023-4323

Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup

UNKNOWN Published Aug 15, 2023

CVE-2023-4345

Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user

UNKNOWN Published Aug 15, 2023