Broadcom Lsi Storage Authority (lsa) Vulnerabilities
Broadcom Lsi Storage Authority (lsa) vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
CVE-2023-4332BroadcomLsi Storage Authority ...7.5HIGHBroadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
CVE-2023-4329BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
CVE-2023-4340BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
CVE-2023-4337BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
CVE-2023-4323BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
CVE-2023-4324BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
CVE-2023-4325BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
CVE-2023-4326BroadcomLsi Storage Authority ...7.5HIGHBroadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
CVE-2023-4328BroadcomLsi Storage Authority ...5.5MEDIUMBroadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
CVE-2023-4331BroadcomLsi Storage Authority ...7.5HIGHBroadcom RAID Controller web interface doesnβt enforce SSL cipher ordering by server
CVE-2023-4333BroadcomLsi Storage Authority ...5.5MEDIUMBroadcom RAID Controller Web server (nginx) is serving private files without any authentication
CVE-2023-4334BroadcomLsi Storage Authority ...7.5HIGHBroadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
CVE-2023-4335BroadcomLsi Storage Authority ...7.5HIGHBroadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute
CVE-2023-4336BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
CVE-2023-4338BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
CVE-2023-4339BroadcomLsi Storage Authority ...7.5HIGHBroadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
CVE-2023-4341BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
CVE-2023-4342BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
CVE-2023-4343BroadcomLsi Storage Authority ...7.5HIGHBroadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
CVE-2023-4344BroadcomLsi Storage Authority ...9.8CRITICALBroadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
CVE-2023-4327BroadcomLsi Storage Authority ...5.5MEDIUMBroadcom RAID Controller web interface is vulnerable client-side control bypass
CVE-2023-4345BroadcomLsi Storage Authority ...6.5MEDIUM
15 August 2023
No more vulnerabilities to load.