Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBroadcom Raid Controller Web Interface
APPBroadcom51.12.0-2779
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Powiązane podatności
CVE-2023-4336CRITICAL9.8ten sam produkt
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does n...
CVE-2023-4325CRITICAL9.8ten sam produkt
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilitie...
CVE-2023-4324CRITICAL9.8ten sam produkt
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security...
CVE-2023-4323CRITICAL9.8ten sam produkt
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gate...
CVE-2023-4337CRITICAL9.8ten sam produkt
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gatewa...