CVEdetails.com the ultimate security vulnerability data source

Broadcom : Security Vulnerabilities (CVSS score between 5 and 5.99)

Each entry below spans four lines: (1) row number, CVE ID, CWE ID, number of public exploits (blank when none are recorded), vulnerability type(s), publish date, update date; (2) CVSS v2 base score; (3) gained access level, access vector (Remote = network), access complexity, authentication, then confidentiality, integrity and availability impact; (4) description.
1 CVE-2021-42773 200 +Info 2021-11-12 2021-11-15
5.0
None Remote Low Not required Partial None None
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.
2 CVE-2021-28248 307 2021-03-26 2021-03-29
5.0
None Remote Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
3 CVE-2021-27793 863 2021-08-12 2021-08-23
5.0
None Remote Low Not required None None Partial
Intermittent authorization failure in AAA TACACS+ with Brocade Fabric OS versions after v9.0.0 and before v9.0.1b, and also with Brocade Fabric OS versions after v8.2.0 and before v8.2.3a, could cause a user with a valid account to be unable to log into the switch.
4 CVE-2021-27791 287 Bypass 2021-08-12 2021-08-23
5.5
None Remote Low Single system Partial Partial None
The function that is used to parse the Authentication header in the Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request that bypasses the authentication process.
5 CVE-2021-22876 200 +Info 2021-04-01 2021-07-20
5.0
None Remote Low Not required Partial None None
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
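The leak described for CVE-2021-22876 is easy to reproduce in miniature: if a client builds the Referer header from the previous request URL verbatim, the userinfo part of that URL travels to whatever origin the redirect points at. The following is an added example, not curl's or libcurl's code; it contrasts the unstripped policy with one that rebuilds the URL without credentials (and without the fragment), adds a check a proxy or client test suite can run on outgoing Referer values, and simulates the automatic second request. All URLs, hosts and paths are constructed for the illustration.

```python
"""Added example, not curl's own code: why populating Referer from the
previous request URL verbatim leaks credentials (the behaviour described
for CVE-2021-22876), the stripped form a fixed client sends, and a check
for a Referer value that still carries userinfo. All URLs are constructed
for illustration; hosts and paths are assumptions.
"""
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: an authenticated first request that the server
# answers with a redirect to a different origin.
FIRST_URL = "https://backup:s3cr3t@intranet.example:8443/export?id=7#frag"
REDIRECT_URL = "https://cdn.example/export/7"


def vulnerable_referer(previous_url: str) -> str:
    """Pre-fix behaviour: the previous URL, credentials and all, becomes Referer."""
    return previous_url


def safe_referer(previous_url: str) -> str:
    """Rebuild the URL without userinfo; also drop the fragment, which is
    never sent on the wire and has no place in a Referer either."""
    parts = urlsplit(previous_url)
    host = parts.hostname or ""
    if ":" in host:  # a bare IPv6 literal must be re-bracketed
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, parts.query, ""))


def leaks_credentials(referer_value: str) -> bool:
    """Detection check for proxies or client tests: does an outgoing
    Referer still contain a username or password?"""
    parts = urlsplit(referer_value)
    return bool(parts.username or parts.password)


def follow_redirect(first_url: str, redirect_to: str, build_referer) -> dict:
    """Headers of the automatic second request under the given Referer policy."""
    return {
        "Host": urlsplit(redirect_to).netloc,
        "Referer": build_referer(first_url),
    }


if __name__ == "__main__":
    for policy in (vulnerable_referer, safe_referer):
        headers = follow_redirect(FIRST_URL, REDIRECT_URL, policy)
        print(policy.__name__, headers["Referer"],
              "LEAK" if leaks_credentials(headers["Referer"]) else "ok")
```

The cross-origin case is the one that matters: the same Referer sent back to intranet.example would only repeat what that server already knows, whereas cdn.example receives a working credential it was never meant to see.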
6 CVE-2020-15387 326 2021-06-09 2021-08-23
5.8
None Remote Medium Not required Partial Partial None
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
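A practical way to audit for the weakness in CVE-2020-15387 is to take the output of ssh-keyscan (or an existing known_hosts file) and measure each RSA host key's modulus. The following is an added example, not Brocade's code: it parses the OpenSSH public-key wire format (RFC 4253 string and mpint fields) for ssh-rsa, ssh-ed25519 and ecdsa keys and flags RSA keys under 2048 bits. The sample records are synthetic keys constructed inline with valid encoding but no real key pair behind them, and the host names are assumptions.

```python
"""Added example, not Brocade's code: offline check of SSH host keys for
RSA moduli shorter than 2048 bits, the weakness described above. It parses
the wire format that ssh-keyscan and known_hosts use ("host type base64").
The sample keys below are synthetic (valid encoding, not real key pairs)
and are constructed here purely to exercise the parser; host names are
assumptions.
"""
import base64
import struct

RSA_MIN_BITS = 2048  # policy threshold, matches the advisory's bound


def _ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint': big-endian two's complement, with a leading 0x00
    when the top bit is set so the value is not read as negative."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def _read_string(buf: bytes, off: int):
    (length,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated SSH key blob")
    return buf[off + 4:end], end


def synthetic_rsa_line(bits: int, host: str) -> str:
    """Constructed ssh-rsa record of the requested size (NOT a real key)."""
    modulus = (1 << (bits - 1)) | 1
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint(modulus)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


def synthetic_ed25519_line(host: str) -> str:
    """Constructed ssh-ed25519 record (32 zero bytes, NOT a real key)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def key_size_bits(key_type: str, b64_blob: str):
    """Security-relevant size of the key in bits, or None for unknown types."""
    blob = base64.b64decode(b64_blob)
    declared, off = _read_string(blob, 0)
    if declared.decode() != key_type:
        raise ValueError("key type in blob does not match the text field")
    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)
        n, _ = _read_string(blob, off)
        return int.from_bytes(n, "big").bit_length()  # leading 0x00 ignored
    if key_type == "ssh-ed25519":
        pk, _ = _read_string(blob, off)
        return len(pk) * 8
    if key_type.startswith("ecdsa-sha2-"):
        curve, _ = _read_string(blob, off)
        return {"nistp256": 256, "nistp384": 384, "nistp521": 521}.get(curve.decode())
    return None


def weak_rsa_hosts(scan_lines, min_bits: int = RSA_MIN_BITS):
    """Hosts whose RSA host key is shorter than min_bits, as (host, bits)."""
    weak = []
    for line in scan_lines:
        if not line.strip() or line.startswith("#"):
            continue
        host, key_type, b64_blob = line.split()[:3]
        bits = key_size_bits(key_type, b64_blob)
        if key_type == "ssh-rsa" and bits is not None and bits < min_bits:
            weak.append((host, bits))
    return weak


# Constructed ssh-keyscan-style output, not captured from a real switch.
SAMPLE_SCAN = [
    synthetic_rsa_line(1024, "switch-a.example"),
    synthetic_rsa_line(2048, "switch-b.example"),
    synthetic_ed25519_line("sannav.example"),
]

if __name__ == "__main__":
    print(weak_rsa_hosts(SAMPLE_SCAN))
```

Feed it real data with something like `ssh-keyscan -t rsa switch-a.example switch-b.example` piped into a file and passed as `scan_lines`; the parser only needs the three whitespace-separated fields, so hashed known_hosts entries work too as long as the key blob is intact.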
7 CVE-2020-15386 400 2021-06-09 2021-09-09
5.0
None Remote Low Not required None None Partial
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
8 CVE-2020-15385 732 2021-06-09 2021-06-11
5.5
None Remote Low Single system Partial Partial None
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories and files without permission. As a result, users without permission can see folders and hidden files, and can create directories.
9 CVE-2020-15384 312 2021-06-09 2021-06-11
5.0
None Remote Low Not required Partial None None
Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability: successful exploitation reveals internal server information in the initial login response header.
10 CVE-2020-15383 400 DoS 2021-06-09 2021-09-09
5.0
None Remote Low Not required None None Partial
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
11 CVE-2020-15381 522 2021-06-09 2021-06-15
5.0
None Remote Low Not required Partial None None
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.
12 CVE-2020-15380 532 2021-06-09 2021-06-11
5.0
None Remote Low Not required Partial None None
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
13 CVE-2020-15379 20 2021-06-09 2021-06-16
5.0
None Remote Low Not required None None Partial
Brocade SANnav before v2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data used as a custom field name.
14 CVE-2020-15378 2021-06-09 2021-06-11
5.0
None Remote Low Not required Partial None None
The OVA installation of Brocade SANnav before version 2.1.1, when configured with IPv6 networking, exposes the Docker container ports to the network, increasing the potential attack surface.
15 CVE-2020-11665 601 2020-04-15 2020-04-20
5.8
None Remote Medium Not required Partial Partial None
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
16 CVE-2020-11664 601 2020-04-15 2020-04-20
5.8
None Remote Medium Not required Partial Partial None
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
17 CVE-2020-11663 601 2020-04-15 2020-04-20
5.8
None Remote Medium Not required Partial Partial None
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
18 CVE-2020-11662 200 +Info 2020-04-15 2020-04-20
5.0
None Remote Low Not required Partial None None
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.
19 CVE-2020-11661 269 2020-04-15 2021-07-21
5.5
None Remote Low Single system Partial Partial None
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.
20 CVE-2020-8011 476 2020-02-18 2021-09-27
5.0
None Remote Low Not required None None Partial
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.
21 CVE-2020-1967 476 DoS 2020-04-21 2021-10-20
5.0
None Remote Low Not required None None Partial
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
22 CVE-2019-16211 522 2020-09-25 2020-10-07
5.0
None Remote Low Not required Partial None None
Brocade SANnav versions before v2.1.0 contain a Plaintext Password Storage vulnerability.
23 CVE-2019-16209 295 2019-11-08 2019-11-09
5.8
None Remote Medium Not required Partial Partial None
A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections.
24 CVE-2019-16208 327 2019-11-08 2019-11-14
5.0
None Remote Low Not required Partial None None
The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (RADIUS, TACACS, etc.).
25 CVE-2019-16204 532 2020-02-05 2021-06-22
5.0
None Remote Low Not required Partial None None
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
26 CVE-2019-16203 532 2020-02-05 2021-06-22
5.0
None Remote Low Not required Partial None None
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
27 CVE-2018-19634 2019-01-22 2021-04-09
5.0
None Remote Low Not required Partial None None
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
28 CVE-2018-14597 200 +Info 2018-10-17 2019-10-09
5.0
None Remote Low Not required Partial None None
CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names.
29 CVE-2018-13823 611 2018-08-30 2021-04-12
5.0
None Remote Low Not required Partial None None
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
30 CVE-2018-13822 522 2018-08-30 2020-05-06
5.0
None Remote Low Not required Partial None None
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
31 CVE-2018-9028 326 2018-06-18 2021-04-12
5.0
None Remote Low Not required Partial None None
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
32 CVE-2018-9026 384 2018-06-18 2021-04-12
5.0
None Remote Low Not required None Partial None
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
33 CVE-2018-9025 20 2018-06-18 2021-04-12
5.0
None Remote Low Not required None Partial None
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.
34 CVE-2018-9024 287 2018-06-18 2021-04-12
5.0
None Remote Low Not required None Partial None
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.
35 CVE-2018-6448 DoS 2020-09-25 2021-07-30
5.0
None Remote Low Not required None None Partial
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
36 CVE-2018-6434 384 2018-11-08 2021-06-22
5.0
None Remote Low Not required None Partial None
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
37 CVE-2017-13677 2018-04-11 2021-06-24
5.0
None Remote Low Not required None None Partial
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
38 CVE-2016-9099 601 2017-05-11 2021-07-08
5.8
None Remote Medium Not required Partial Partial None
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
39 CVE-2014-6799 310 +Info 2014-09-29 2021-04-09
5.4
None Local Network Medium Not required Partial Partial Partial
The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
40 CVE-2014-1219 20 2014-02-14 2021-04-07
5.1
None Remote High Not required Partial Partial Partial
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
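The defect in CVE-2014-1219 is worth seeing side by side with the correct check, because a prefix match turns a high-entropy token into a short one: an attacker who knows the accepted substring can alter the trailing characters freely, and the server still resolves (or, as in the advisory, terminates) the session. The following is an added example, not CA's code. `PREFIX_LEN`, the token length and the store layout are assumptions for the illustration; the fixed lookup requires the whole token and compares it with `hmac.compare_digest`.

```python
"""Added example, not CA's code: the class of session-token bug described
above (a server that honours a predictable prefix of the token instead of
requiring the whole value), beside a lookup that requires the full token
and compares it in constant time. PREFIX_LEN and the token format are
assumptions made for this illustration, not the product's real values.
"""
import hmac
import secrets

TOKEN_HEX_LEN = 32   # 128 bits of entropy, assumption for the example
PREFIX_LEN = 24      # assumed length of the substring the weak check honours


class SessionStore:
    def __init__(self):
        self._sessions = {}  # token -> username

    def create(self, user: str) -> str:
        token = secrets.token_hex(TOKEN_HEX_LEN // 2)
        self._sessions[token] = user
        return token

    def lookup_vulnerable(self, presented: str):
        """Weak check: only the first PREFIX_LEN characters are compared, so
        a token with a modified tail still resolves to the victim's session."""
        if len(presented) < PREFIX_LEN:
            return None
        for token, user in self._sessions.items():
            if token.startswith(presented[:PREFIX_LEN]):
                return user
        return None

    def lookup_fixed(self, presented: str):
        """Require the full token and compare it in constant time; a linear
        scan is fine for a demo, a real store would index by token digest."""
        if len(presented) != TOKEN_HEX_LEN:
            return None
        for token, user in self._sessions.items():
            if hmac.compare_digest(token, presented):
                return user
        return None

    def close(self, presented: str) -> bool:
        """Logout: only a fully matching token may terminate a session, which
        is exactly the operation the advisory shows being abused."""
        if self.lookup_fixed(presented) is None:
            return False
        del self._sessions[presented]
        return True


if __name__ == "__main__":
    store = SessionStore()
    token = store.create("alice")
    tampered = token[:PREFIX_LEN] + "Z" * (TOKEN_HEX_LEN - PREFIX_LEN)
    print("weak:", store.lookup_vulnerable(tampered))   # alice
    print("fixed:", store.lookup_fixed(tampered))       # None
```

The length check before `compare_digest` is not optional: the function raises on mismatched lengths for `str` inputs in some versions and, more importantly, a server must never accept a shorter value as "close enough".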
41 CVE-2011-3849 DoS 2011-11-19 2021-04-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP packet.
42 CVE-2008-4400 20 DoS 2008-10-14 2021-04-09
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation."
43 CVE-2008-4399 20 DoS 2008-10-14 2021-04-09
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation."
44 CVE-2008-4398 20 DoS 2008-10-14 2021-04-09
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.
45 CVE-2008-1979 189 DoS 2008-04-27 2021-04-07
5.0
None Remote Low Not required None None Partial
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.
46 CVE-2007-5439 264 +Info 2007-10-13 2021-04-09
5.0
None Remote Low Not required Partial None None
CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors.
47 CVE-2007-5437 59 2007-10-13 2021-04-09
5.8
None Remote Medium Not required None Partial Partial
The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689.
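Open redirects recur across this list: the three CA API Developer Portal entries (CVE-2020-11663, CVE-2020-11664, CVE-2020-11665), the Symantec ASG/ProxySG management console (CVE-2016-9099) and the eTrust ITM web console (CVE-2007-5437). The usual fix is the same in each case: validate a redirect target against an allow-list before issuing the Location header, and reject anything that a browser would interpret as an absolute URL to another origin. The following is an added example, not code from any of those products; `ALLOWED_HOSTS` and the base URL are assumptions, and it covers the bypass shapes a reviewer should test for (protocol-relative `//`, backslash variants, `https:host` without slashes, `user@host` tricks, look-alike subdomains and non-HTTP schemes).

```python
"""Added example, not the product's code: allow-list validation of a
redirect target that defends against the common open-redirect bypasses.
ALLOWED_HOSTS and BASE_URL are assumptions for the illustration.
"""
from urllib.parse import urljoin, urlsplit

ALLOWED_HOSTS = {"portal.example", "www.portal.example"}  # assumption
BASE_URL = "https://portal.example/"                       # assumption


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS,
                     require_https: bool = True) -> bool:
    """True only for a same-site relative path or an absolute URL whose
    host is on the allow-list and whose scheme is HTTP(S)."""
    if not target or any(c in target for c in "\r\n\x00"):
        return False  # header injection / NUL truncation
    # Browsers treat backslashes like slashes, so normalise before parsing:
    # "/\evil.example" must be seen as "//evil.example".
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    if not parts.scheme and not parts.netloc:
        # Relative target: must be path-absolute and not protocol-relative.
        return candidate.startswith("/") and not candidate.startswith("//")
    schemes = {"https"} if require_https else {"http", "https"}
    if parts.scheme.lower() not in schemes:
        return False  # javascript:, data:, ftp:, and anything exotic
    if parts.username or parts.password:
        return False  # https://portal.example@evil.example/
    host = (parts.hostname or "").rstrip(".").lower()
    return host in allowed_hosts  # exact match, no suffix/prefix games


def resolve_redirect(target: str, base: str = BASE_URL, fallback: str = "/") -> str:
    """Location value to emit: the validated target, else a safe default."""
    return urljoin(base, target) if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed probe set, not taken from any advisory.
    for t in ["/dashboard?x=1", "//evil.example/", "/\\evil.example/",
              "https:evil.example", "https://portal.example@evil.example/",
              "https://portal.example.evil.example/", "javascript:alert(1)",
              "https://PORTAL.example/home"]:
        print(f"{t!r:45} -> {resolve_redirect(t)}")
```

Note the exact-match rule for hosts: `endswith("portal.example")` would accept `evilportal.example`, and a prefix check would accept `portal.example.evil.example`.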
48 CVE-2007-0816 DoS 2007-02-07 2021-04-07
5.0
None Remote Low Not required None None Partial
The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.
49 CVE-2006-4900 Dir. Trav. 2006-09-22 2021-04-09
5.5
None Remote Low Single system None Partial Partial
Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2 allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function.
50 CVE-2006-4899 2006-09-22 2021-04-09
5.0
None Remote Low Not required Partial None None
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
Total number of vulnerabilities: 61 (page 1 of 2; entries 1 to 50 are listed above).