66 vulnerabilities found for raid_controller_web_interface by broadcom
FKIE_CVE-2023-4327
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller es vulnerable a la exposici\u00f3n de datos sensibles y las claves utilizadas para el cifrado son accesibles a cualquier usuario local en Linux. "
}
],
"id": "CVE-2023-4327",
"lastModified": "2025-11-04T17:15:39.747",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.010",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4337
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller es vulnerable a la gesti\u00f3n inadecuada de sesiones de servidores gestionados en la instalaci\u00f3n de la puerta de enlace. "
}
],
"id": "CVE-2023-4337",
"lastModified": "2025-11-04T17:15:40.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.560",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4338
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
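Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
Note: the NVD metrics in the record below rate this 9.8 (Critical) with high confidentiality, integrity and availability impact, although the description names only a missing response header. The same score is recorded on this page for the missing SameSite (CVE-2023-4329), Secure (CVE-2023-4336) and strict-transport-security (CVE-2023-4342) defaults; prioritise from the description and the vendor advisory rather than from the base score alone.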
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers"
}
],
"id": "CVE-2023-4338",
"lastModified": "2025-11-04T17:15:40.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.613",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4332
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller es vulnerable debido a permisos inadecuados en el archivo de registro. "
}
],
"id": "CVE-2023-4332",
"lastModified": "2025-11-04T17:15:40.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.290",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4329
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller es vulnerable debido a una configuraci\u00f3n HTTP insegura por defecto que no protege la cookie SESSIONID con el atributo SameSite. "
}
],
"id": "CVE-2023-4329",
"lastModified": "2025-11-04T17:15:40.003",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.117",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4340
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file"
}
],
"id": "CVE-2023-4340",
"lastModified": "2025-11-04T17:15:40.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.717",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4341
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI"
}
],
"id": "CVE-2023-4341",
"lastModified": "2025-11-04T17:15:41.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.770",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4339
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions"
}
],
"id": "CVE-2023-4339",
"lastModified": "2025-11-04T17:15:40.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.663",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4336
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller es vulnerable debido a una configuraci\u00f3n HTTP insegura por defecto que no protege las cookies con el atributo \"Secure\"."
}
],
"id": "CVE-2023-4336",
"lastModified": "2025-11-04T17:15:40.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.503",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4333
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface doesn\u2019t enforce SSL cipher ordering by server"
},
{
"lang": "es",
"value": "Broadcom RAID Controller Web Interface no aplica la orden de cifrado SSL por el servidor. "
}
],
"id": "CVE-2023-4333",
"lastModified": "2025-11-04T17:15:40.340",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.347",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4344
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection"
}
],
"id": "CVE-2023-4344",
"lastModified": "2025-11-04T17:15:41.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-08-15T19:15:11.943",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-331"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4328
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
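Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
Note: the description names Windows, but the impacted-products table and the CPE configuration below list linux_kernel as the platform, while CVE-2023-4333 on this page carries the microsoft:windows platform node. The platform data for this entry appears inconsistent with its description; confirm the affected operating system against the vendor advisory before scoping hosts.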
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller es vulnerable a la exposici\u00f3n de datos sensibles y las claves utilizadas para el cifrado son accesible a cualquier usuario local en Windows. "
}
],
"id": "CVE-2023-4328",
"lastModified": "2025-11-04T17:15:39.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.060",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4342
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy"
}
],
"id": "CVE-2023-4342",
"lastModified": "2025-11-04T17:15:41.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.823",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4343
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter"
}
],
"id": "CVE-2023-4343",
"lastModified": "2025-11-04T17:15:41.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.883",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4331
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller tiene una configuraci\u00f3n TLS por defecto insegura que soporta protocolos TLS obsoletos y vulnerables. "
}
],
"id": "CVE-2023-4331",
"lastModified": "2025-11-04T17:15:40.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.230",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4335
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2024-11-21 08:34
Severity ?
Summary
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux"
},
{
"lang": "es",
"value": "Broadcom RAID Controller Web server (nginx) est\u00e1 sirviendo archivos privados del lado del servidor sin ninguna autenticaci\u00f3n en Linux. "
}
],
"id": "CVE-2023-4335",
"lastModified": "2024-11-21T08:34:52.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.450",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4334
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller Web server (nginx) is serving private files without any authentication"
},
{
"lang": "es",
"value": "Broadcom RAID Controller Web Server (nginx) est\u00e1 sirviendo archivos privados sin ninguna autenticaci\u00f3n. "
}
],
"id": "CVE-2023-4334",
"lastModified": "2025-11-04T17:15:40.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:11.397",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4323
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller es vulnerable a la gesti\u00f3n inadecuada de sesiones activas en la configuraci\u00f3n del Gateway. "
}
],
"id": "CVE-2023-4323",
"lastModified": "2025-11-04T17:15:39.257",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:10.790",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4325
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller es vulnerable debido al uso de Libcurl con LSA teniendo vulnerabilidades conocidas. "
}
],
"id": "CVE-2023-4325",
"lastModified": "2025-11-04T17:15:39.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:10.900",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4324
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller es vulnerable debido a la falta de seguridad de las cabeceras HTTP Content-Security-Policy. "
}
],
"id": "CVE-2023-4324",
"lastModified": "2025-11-04T17:15:39.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:10.847",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4326
Vulnerability from fkie_nvd - Published: 2023-08-15 19:15 - Updated: 2025-11-04 17:15
Severity ?
Summary
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites"
},
{
"lang": "es",
"value": "La interfaz web de Broadcom RAID Controller es vulnerable a una configuraci\u00f3n TLS predeterminada insegura que admite cifrados obsoletos basados en SHA1. "
}
],
"id": "CVE-2023-4326",
"lastModified": "2025-11-04T17:15:39.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T19:15:10.957",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-4328 (GCVE-0-2023-4328)
Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
Title
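Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux (title as published in the record; the record's description names Windows, and the Linux wording matches the title of CVE-2023-4327)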
Summary
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
Severity ?
No CVSS data available.
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Broadcom | LSI Storage Authority (LSA) | Affected: 0 , < 7.017.011.000 (custom) |
Credits
Intel DCG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:21.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:19:08.708967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:19:19.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LSI Storage Authority (LSA)",
"vendor": "Broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Intel DCG"
}
],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:42:15.841Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4328",
"datePublished": "2023-08-15T18:25:38.246Z",
"dateReserved": "2023-08-14T21:25:58.130Z",
"dateUpdated": "2025-11-04T16:10:21.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4327 (GCVE-0-2023-4327)
Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
Title
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
Summary
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
Severity ?
No CVSS data available.
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
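| Vendor | Product | Version |
|---|---|---|
| Broadcom | LSI Storage Authority (LSA) | Affected: 0 |

Note: the record lists no upper version bound for this entry, although its solutions field states the issue is fixed in 7.017.011.000.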
Credits
Intel DCG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:20.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:04:49.686025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:05:12.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LSI Storage Authority (LSA)",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Intel DCG"
}
],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:41:33.093Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4327",
"datePublished": "2023-08-15T18:25:38.370Z",
"dateReserved": "2023-08-14T21:22:21.442Z",
"dateUpdated": "2025-11-04T16:10:20.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4324 (GCVE-0-2023-4324)
Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
Title
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
Summary
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Broadcom | LSI Storage Authority (LSA) | Affected: 0 , < 7.017.011.000 (custom) |
Credits
Intel DCG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:17.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lsi_storage_authority",
"vendor": "broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "raid_web_console_3",
"vendor": "intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:54:08.973670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:57:24.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LSI Storage Authority (LSA)",
"vendor": "Broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAID Web Console 3 (RWC3)",
"vendor": "Intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Intel DCG"
}
],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-16T02:04:23.250Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers",
"x_generator": {
"engine": "cveClient/1.0.14"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4324",
"datePublished": "2023-08-15T18:25:38.873Z",
"dateReserved": "2023-08-14T21:06:24.381Z",
"dateUpdated": "2025-11-04T16:10:17.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4329 (GCVE-0-2023-4329)
Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
Title
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
Summary
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Broadcom | LSI Storage Authority (LSA) | Affected: 0 , < 7.017.011.000 (custom) |
Credits
Intel DCG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:22.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lsi_storage_authority",
"vendor": "broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "raid_web_console_3",
"vendor": "intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:19:53.153951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:22:13.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LSI Storage Authority (LSA)",
"vendor": "Broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAID Web Console 3 (RWC3)",
"vendor": "Intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Intel DCG"
}
],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-16T02:04:24.200Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute",
"x_generator": {
"engine": "cveClient/1.0.14"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4329",
"datePublished": "2023-08-15T18:25:38.060Z",
"dateReserved": "2023-08-14T21:25:58.373Z",
"dateUpdated": "2025-11-04T16:10:22.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4325 (GCVE-0-2023-4325)
Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
Title
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
Summary
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Broadcom | LSI Storage Authority (LSA) | Affected: 0 , < 7.017.011.000 (custom) |

The CNA container of the JSON record below also lists Intel RAID Web Console 3 (RWC3) as affected from 0 to before 7.017.011.000.
Credits
Intel DCG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:18.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lsi_storage_authority",
"vendor": "broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "raid_web_console_3",
"vendor": "intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:58:07.119861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:00:04.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LSI Storage Authority (LSA)",
"vendor": "Broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAID Web Console 3 (RWC3)",
"vendor": "Intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Intel DCG"
}
],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-16T02:04:23.421Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities",
"x_generator": {
"engine": "cveClient/1.0.14"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4325",
"datePublished": "2023-08-15T18:25:38.706Z",
"dateReserved": "2023-08-14T21:10:36.380Z",
"dateUpdated": "2025-11-04T16:10:18.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4328 (GCVE-0-2023-4328)
Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
Title
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
Summary
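Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
Note: this record's title says "Linux" while its description says "Windows"; CVE-2023-4327 on this page uses the Linux wording in both fields, so the title here is likely carried over from that record and the description is the field to rely on when scoping affected hosts.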
Severity ?
No CVSS data available.
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Broadcom | LSI Storage Authority (LSA) | Affected: 0 , < 7.017.011.000 (custom) |
Credits
Intel DCG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:21.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:19:08.708967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:19:19.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LSI Storage Authority (LSA)",
"vendor": "Broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Intel DCG"
}
],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:42:15.841Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4328",
"datePublished": "2023-08-15T18:25:38.246Z",
"dateReserved": "2023-08-14T21:25:58.130Z",
"dateUpdated": "2025-11-04T16:10:21.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4327 (GCVE-0-2023-4327)
Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
Title
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
Summary
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
Severity ?
No CVSS data available.
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
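| Vendor | Product | Version |
|---|---|---|
| Broadcom | LSI Storage Authority (LSA) | Affected: 0 |

The record gives no upper bound for the affected range (version 0, status affected), although its solution text states the issue is fixed in 7.017.011.000; tooling that matches on the version list alone will treat every version as affected.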
Credits
Intel DCG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:20.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:04:49.686025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:05:12.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LSI Storage Authority (LSA)",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Intel DCG"
}
],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:41:33.093Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4327",
"datePublished": "2023-08-15T18:25:38.370Z",
"dateReserved": "2023-08-14T21:22:21.442Z",
"dateUpdated": "2025-11-04T16:10:20.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4324 (GCVE-0-2023-4324)
Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
Title
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
Summary
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Broadcom | LSI Storage Authority (LSA) | Affected: 0 , < 7.017.011.000 (custom) |

The CNA container of the JSON record below also lists Intel RAID Web Console 3 (RWC3) as affected from 0 to before 7.017.011.000.
Credits
Intel DCG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:17.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lsi_storage_authority",
"vendor": "broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "raid_web_console_3",
"vendor": "intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:54:08.973670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:57:24.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LSI Storage Authority (LSA)",
"vendor": "Broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAID Web Console 3 (RWC3)",
"vendor": "Intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Intel DCG"
}
],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-16T02:04:23.250Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers",
"x_generator": {
"engine": "cveClient/1.0.14"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4324",
"datePublished": "2023-08-15T18:25:38.873Z",
"dateReserved": "2023-08-14T21:06:24.381Z",
"dateUpdated": "2025-11-04T16:10:17.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4329 (GCVE-0-2023-4329)
Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
Title
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
Summary
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Broadcom | LSI Storage Authority (LSA) | Affected: 0 , < 7.017.011.000 (custom) |

The CNA container of the JSON record below also lists Intel RAID Web Console 3 (RWC3) as affected from 0 to before 7.017.011.000.
Credits
Intel DCG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:22.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lsi_storage_authority",
"vendor": "broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "raid_web_console_3",
"vendor": "intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:19:53.153951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:22:13.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LSI Storage Authority (LSA)",
"vendor": "Broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAID Web Console 3 (RWC3)",
"vendor": "Intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Intel DCG"
}
],
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-16T02:04:24.200Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute",
"x_generator": {
"engine": "cveClient/1.0.14"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4329",
"datePublished": "2023-08-15T18:25:38.060Z",
"dateReserved": "2023-08-14T21:25:58.373Z",
"dateUpdated": "2025-11-04T16:10:22.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}