Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XBroadcom Brocade Active Support Connectivity Gateway
APPBroadcom≤ 3.2.0
Related vulnerabilities
Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations relate...
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports port...
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional r...
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...