Broadcom Raid Controller Web Interface — known CVE vulnerabilities
Every CVE whose affected-product data names Broadcom Raid Controller Web Interface, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2023-4323 — CVSS 9.8 (critical): Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
CVE-2023-4336 — CVSS 9.8 (critical): Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with…
CVE-2023-4337 — CVSS 9.8 (critical): Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
CVE-2023-4338 — CVSS 9.8 (critical): Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide…
CVE-2023-4342 — CVSS 9.8 (critical): Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
CVE-2023-4340 — CVSS 9.8 (critical): Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
CVE-2023-4329 — CVSS 9.8 (critical): Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie…
CVE-2023-4325 — CVSS 9.8 (critical): Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
CVE-2023-4324 — CVSS 9.8 (critical): Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
CVE-2023-4341 — CVSS 9.8 (critical): Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
CVE-2023-4344 — CVSS 9.8 (critical): Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
CVE-2023-4335 — CVSS 7.5 (high): Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
CVE-2023-4326 — CVSS 7.5 (high): Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based…
CVE-2023-4331 — CVSS 7.5 (high): Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS…
CVE-2023-4332 — CVSS 7.5 (high): Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
CVE-2023-4334 — CVSS 7.5 (high): Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
CVE-2023-4339 — CVSS 7.5 (high): Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
CVE-2023-4343 — CVSS 7.5 (high): Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
CVE-2023-4345 — CVSS 6.5 (medium): Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user
CVE-2023-4328 — CVSS 5.5 (medium): Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any…
CVE-2023-4327 — CVSS 5.5 (medium): Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any…