CPE Details
Broadcom RAID Controller Web Interface 51.12.0-2779
51.12.0-2779
2023-08-21
15h32 +00:00
15h32 +00:00
2023-08-29
11h13 +00:00
11h13 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*
Informations
Vendor
broadcomProduct
raid_controller_web_interfaceVersion
51.12.0-2779Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers | 9.8 |
Critical |
||
| Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities | 9.8 |
Critical |
||
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites | 7.5 |
High |
||
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux | 5.5 |
Medium |
||
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows | 5.5 |
Medium |
||
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute | 9.8 |
Critical |
||
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols | 7.5 |
High |
||
| Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | 7.5 |
High |
||
| Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | 5.5 |
Medium |
||
| Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | 7.5 |
High |
||
| Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux | 7.5 |
High |
||
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute | 9.8 |
Critical |
||
| Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation | 9.8 |
Critical |
||
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers | 9.8 |
Critical |
||
| Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions | 7.5 |
High |
||
| Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file | 9.8 |
Critical |
||
| Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI | 9.8 |
Critical |
||
| Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy | 9.8 |
Critical |
||
| Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter | 7.5 |
High |
||
| Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection | 9.8 |
Critical |
||
| Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup | 9.8 |
Critical |
||
| Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user | 6.5 |
Medium |
2025©
tesweb SA
