Version 0

CVE-2023-4324

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers

UNKNOWN Published Aug 15, 2023

CVE-2023-4325

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities

UNKNOWN Published Aug 15, 2023

CVE-2023-4326

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites

UNKNOWN Published Aug 15, 2023

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

UNKNOWN Published Aug 15, 2023

CVE-2023-4331

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols

UNKNOWN Published Aug 15, 2023

CVE-2023-4332

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file

UNKNOWN Published Aug 15, 2023

CVE-2023-4334

Broadcom RAID Controller Web server (nginx) is serving private files without any authentication

UNKNOWN Published Aug 15, 2023

CVE-2023-4335

Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux

UNKNOWN Published Aug 15, 2023

CVE-2023-4336

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute

UNKNOWN Published Aug 15, 2023

CVE-2023-4337

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation

UNKNOWN Published Aug 15, 2023

CVE-2023-4338

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers

UNKNOWN Published Aug 15, 2023

CVE-2023-4339

Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions

UNKNOWN Published Aug 15, 2023

CVE-2023-4340

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file

UNKNOWN Published Aug 15, 2023

CVE-2023-4341

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI

UNKNOWN Published Aug 15, 2023

CVE-2023-4342

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy

UNKNOWN Published Aug 15, 2023

CVE-2023-4343

Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter

UNKNOWN Published Aug 15, 2023

CVE-2023-4344

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection

UNKNOWN CVSS 9.8 Published Aug 15, 2023

CVE-2023-4323

Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup

UNKNOWN Published Aug 15, 2023

CVE-2023-4345

Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user

UNKNOWN Published Aug 15, 2023