cvelistv5 - cve-2017-6225

CVE-2017-6225 (GCVE-0-2017-6225)

Vulnerability from cvelistv5 – Published: 2018-02-08 22:00 – Updated: 2024-09-16 23:36

Summary

Severity ?

No CVSS data available.

CWE

Cross-site scripting (XSS)

Assigner

brocade

References

URL

Tags

	https://www.broadcom.com/support/fibre-channel-ne…	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Brocade Communications Systems, Inc.	Brocade FABRIC OS	Affected: all versions before 7.4.2b, v8.1.2 and 8.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:25:48.764Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Brocade FABRIC OS",
          "vendor": "Brocade Communications Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions before 7.4.2b, v8.1.2 and 8.2.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting (XSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-22T09:57:01",
        "orgId": "87b297d7-335e-4844-9551-11b97995a791",
        "shortName": "brocade"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@brocade.com",
          "DATE_PUBLIC": "2018-01-31T00:00:00",
          "ID": "CVE-2017-6225",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Brocade FABRIC OS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions before 7.4.2b, v8.1.2 and 8.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Brocade Communications Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525",
              "refsource": "CONFIRM",
              "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
    "assignerShortName": "brocade",
    "cveId": "CVE-2017-6225",
    "datePublished": "2018-02-08T22:00:00Z",
    "dateReserved": "2017-02-23T00:00:00",
    "dateUpdated": "2024-09-16T23:36:49.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.4.2b\", \"matchCriteriaId\": \"E80B46F5-ED68-4AA1-BB45-14CCE854385D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C9EBAFF-2358-4EEC-9E83-EBCAC8805414\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79418EEC-72C2-4A85-97CE-7B472E9AAF79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:brocade:fabric_os:8.0.1b1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CC5AF95-9000-4787-8528-1B9B076C4E4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:brocade:fabric_os:8.0.2b1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7DA1CFC-AFF3-421F-90CD-61BA8DF01796\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:brocade:fabric_os:8.1.0c1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0DE33C2-6513-4FF1-8094-85E9175B8A02\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz de gesti\\u00f3n web de productos Brocade Fibre Channel SAN que ejecutan Brocade Fabric OS (FOS) en versiones anteriores a la 7.4.2b, 8.1.2 y la 8.2.0 podr\\u00eda permitir que los atacantes remotos ejecuten c\\u00f3digo arbitrario o accedan a informaci\\u00f3n sensible del navegador.\"}]",
      "id": "CVE-2017-6225",
      "lastModified": "2024-11-21T03:29:18.123",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-02-08T22:29:00.207",
      "references": "[{\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us\", \"source\": \"sirt@brocade.com\"}, {\"url\": \"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525\", \"source\": \"sirt@brocade.com\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "sirt@brocade.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6225\",\"sourceIdentifier\":\"sirt@brocade.com\",\"published\":\"2018-02-08T22:29:00.207\",\"lastModified\":\"2024-11-21T03:29:18.123\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz de gesti\u00f3n web de productos Brocade Fibre Channel SAN que ejecutan Brocade Fabric OS (FOS) en versiones anteriores a la 7.4.2b, 8.1.2 y la 8.2.0 podr\u00eda permitir que los atacantes remotos ejecuten c\u00f3digo arbitrario o accedan a informaci\u00f3n sensible del navegador.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.2b\",\"matchCriteriaId\":\"E80B46F5-ED68-4AA1-BB45-14CCE854385D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C9EBAFF-2358-4EEC-9E83-EBCAC8805414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79418EEC-72C2-4A85-97CE-7B472E9AAF79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:brocade:fabric_os:8.0.1b1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CC5AF95-9000-4787-8528-1B9B076C4E4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:brocade:fabric_os:8.0.2b1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7DA1CFC-AFF3-421F-90CD-61BA8DF01796\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:brocade:fabric_os:8.1.0c1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0DE33C2-6513-4FF1-8094-85E9175B8A02\"}]}]}],\"references\":[{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us\",\"source\":\"sirt@brocade.com\"},{\"url\":\"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525\",\"source\":\"sirt@brocade.com\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2017-6225

Vulnerability from fkie_nvd - Published: 2018-02-08 22:29 - Updated: 2024-11-21 03:29

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	sirt@brocade.com	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03851en_us
	sirt@brocade.com	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525
	af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03851en_us
	af854a3a-2127-422b-91ae-364da2661108	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525

Impacted products

Vendor	Product	Version
broadcom	fabric_operating_system	*
broadcom	fabric_operating_system	8.0.2
broadcom	fabric_operating_system	8.1.1
brocade	fabric_os	8.0.1b1
brocade	fabric_os	8.0.2b1
brocade	fabric_os	8.1.0c1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80B46F5-ED68-4AA1-BB45-14CCE854385D",
              "versionEndExcluding": "7.4.2b",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9EBAFF-2358-4EEC-9E83-EBCAC8805414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79418EEC-72C2-4A85-97CE-7B472E9AAF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:brocade:fabric_os:8.0.1b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CC5AF95-9000-4787-8528-1B9B076C4E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:brocade:fabric_os:8.0.2b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7DA1CFC-AFF3-421F-90CD-61BA8DF01796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:brocade:fabric_os:8.1.0c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0DE33C2-6513-4FF1-8094-85E9175B8A02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz de gesti\u00f3n web de productos Brocade Fibre Channel SAN que ejecutan Brocade Fabric OS (FOS) en versiones anteriores a la 7.4.2b, 8.1.2 y la 8.2.0 podr\u00eda permitir que los atacantes remotos ejecuten c\u00f3digo arbitrario o accedan a informaci\u00f3n sensible del navegador."
    }
  ],
  "id": "CVE-2017-6225",
  "lastModified": "2024-11-21T03:29:18.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-08T22:29:00.207",
  "references": [
    {
      "source": "sirt@brocade.com",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
    },
    {
      "source": "sirt@brocade.com",
      "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
    }
  ],
  "sourceIdentifier": "sirt@brocade.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-6225

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6225

Aliases

CVE-2017-6225

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6225",
    "description": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.",
    "id": "GSD-2017-6225"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6225"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.",
      "id": "GSD-2017-6225",
      "modified": "2023-12-13T01:21:09.740954Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@brocade.com",
        "DATE_PUBLIC": "2018-01-31T00:00:00",
        "ID": "CVE-2017-6225",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Brocade FABRIC OS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "all versions before 7.4.2b, v8.1.2 and 8.2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Brocade Communications Systems, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-site scripting (XSS)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525",
            "refsource": "CONFIRM",
            "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
          },
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us",
            "refsource": "CONFIRM",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:brocade:fabric_os:8.0.2b1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:brocade:fabric_os:8.0.1b1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:brocade:fabric_os:8.1.0c1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.2b",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@brocade.com",
          "ID": "CVE-2017-6225"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-06-22T15:20Z",
      "publishedDate": "2018-02-08T22:29Z"
    }
  }
}

VAR-201802-0640

Vulnerability from variot - Updated: 2023-12-18 13:52

Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. Brocade Fabric OS (FOS) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. BrocadeFibreChannelSANproducts are Brocade switches and BrocadeFabricOS (FOS) is an embedded system running on them. Cross-site scripting vulnerabilities exist in BrocadeFibreChannelSAN products prior to BrocadeFOS7.4.2b, pre-8.1.2, and pre-8.0. Web-based management interfaces. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Broadcom Brocade Fabric OS versions prior 7.4.2b, 8.1.2 and 8.2.0 are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0640",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fabric os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "brocade",
        "version": "8.0.2b1"
      },
      {
        "model": "fabric os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "brocade",
        "version": "8.1.0c1"
      },
      {
        "model": "fabric os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "brocade",
        "version": "8.0.1b1"
      },
      {
        "model": "fabric operating system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "7.4.2b"
      },
      {
        "model": "fabric operating system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0.2"
      },
      {
        "model": "fabric operating system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.1.1"
      },
      {
        "model": "fabric os",
        "scope": null,
        "trust": 0.8,
        "vendor": "brocade",
        "version": null
      },
      {
        "model": "fibre channel san \u003c7.4.2b",
        "scope": null,
        "trust": 0.6,
        "vendor": "brocade",
        "version": null
      },
      {
        "model": "fibre channel san",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "brocade",
        "version": "8.1.2"
      },
      {
        "model": "fibre channel san",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "brocade",
        "version": "8.2.0"
      },
      {
        "model": "fabric os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brocade",
        "version": "5.2.0"
      },
      {
        "model": "fabric os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brocade",
        "version": "8.0.2d"
      },
      {
        "model": "fabric os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brocade",
        "version": "8.1.1a"
      },
      {
        "model": "fabric os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brocade",
        "version": "3.1"
      },
      {
        "model": "fabric os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brocade",
        "version": "5.0.5b"
      },
      {
        "model": "fabric os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brocade",
        "version": "5.2.0a"
      },
      {
        "model": "fabric os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brocade",
        "version": "8.0.2c"
      },
      {
        "model": "brocade fabric os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "broadcom",
        "version": "8.1.1"
      },
      {
        "model": "brocade fabric os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "broadcom",
        "version": "7.4.2"
      },
      {
        "model": "brocade fabric os 7.4.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "brocade fabric os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "broadcom",
        "version": "8.2"
      },
      {
        "model": "brocade fabric os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "broadcom",
        "version": "8.1.2"
      },
      {
        "model": "brocade fabric os 7.4.2c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "broadcom",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      },
      {
        "db": "BID",
        "id": "107051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-253"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:brocade:fabric_os:8.0.2b1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:brocade:fabric_os:8.0.1b1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:brocade:fabric_os:8.1.0c1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.2b",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6225"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pawel Gocyla and Matt Byrne.",
    "sources": [
      {
        "db": "BID",
        "id": "107051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6225",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6225",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2018-06323",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-6225",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6225",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06323",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201802-253",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-253"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. Brocade Fabric OS (FOS) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. BrocadeFibreChannelSANproducts are Brocade switches and BrocadeFabricOS (FOS) is an embedded system running on them. Cross-site scripting vulnerabilities exist in BrocadeFibreChannelSAN products prior to BrocadeFOS7.4.2b, pre-8.1.2, and pre-8.0. Web-based management interfaces. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nBroadcom Brocade Fabric OS versions prior 7.4.2b, 8.1.2 and 8.2.0 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      },
      {
        "db": "BID",
        "id": "107051"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6225",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012605",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06323",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-253",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "107051",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      },
      {
        "db": "BID",
        "id": "107051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-253"
      }
    ]
  },
  "id": "VAR-201802-0640",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:52:48.816000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "BSA-2018-525",
        "trust": 0.8,
        "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
      },
      {
        "title": "Patch for BrocadeFibreChannelSAN product BrocadeFabricOS cross-site scripting vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/123361"
      },
      {
        "title": "Brocade Fibre Channel SAN product Brocade Fabric OS Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78367"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-253"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6225"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.3,
        "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
      },
      {
        "trust": 1.3,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbst03851en_us"
      },
      {
        "trust": 1.2,
        "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2018-525.htm"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6225"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6225"
      },
      {
        "trust": 0.3,
        "url": "http://www.broadcom.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      },
      {
        "db": "BID",
        "id": "107051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-253"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      },
      {
        "db": "BID",
        "id": "107051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-253"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      },
      {
        "date": "2018-01-17T00:00:00",
        "db": "BID",
        "id": "107051"
      },
      {
        "date": "2018-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      },
      {
        "date": "2018-02-08T22:29:00.207000",
        "db": "NVD",
        "id": "CVE-2017-6225"
      },
      {
        "date": "2018-02-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201802-253"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06323"
      },
      {
        "date": "2018-01-17T00:00:00",
        "db": "BID",
        "id": "107051"
      },
      {
        "date": "2018-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      },
      {
        "date": "2021-06-22T15:20:21.983000",
        "db": "NVD",
        "id": "CVE-2017-6225"
      },
      {
        "date": "2018-02-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201802-253"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-253"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brocade Fabric OS Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012605"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-253"
      }
    ],
    "trust": 0.6
  }
}

GHSA-RXHR-M56G-6FM6

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2022-05-13 01:09

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-08T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.",
  "id": "GHSA-rxhr-m56g-6fm6",
  "modified": "2022-05-13T01:09:13Z",
  "published": "2022-05-13T01:09:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6225"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
    },
    {
      "type": "WEB",
      "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-06323

Vulnerability from cnvd - Published: 2018-03-26

Title

Brocade Fibre Channel SAN产品Brocade Fabric OS 跨站脚本漏洞

Description

Brocade Fibre Channel SAN products都是美国博科（Brocade）公司的交换机产品，Brocade Fabric OS (FOS)是运行在其中的一套嵌入式系统。 Brocade Fibre Channel SAN产品中的Brocade FOS 7.4.2b之前版本、8.1.2之前版本和8.2.0之前版本的基于Web的管理界面存在跨站脚本漏洞。远程攻击者可利用该漏洞执行任意代码或访问基于Web的敏感信息。

Severity

中

Patch Name

Brocade Fibre Channel SAN产品Brocade Fabric OS 跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2018-525.htm

Reference

http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2018-525.htm

Impacted products

Name
['Brocade Fibre Channel SAN <7.4.2b', 'Brocade Fibre Channel SAN <8.1.2', 'Brocade Fibre Channel SAN <8.2.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6225",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6225"
    }
  },
  "description": "Brocade Fibre Channel SAN products\u90fd\u662f\u7f8e\u56fd\u535a\u79d1\uff08Brocade\uff09\u516c\u53f8\u7684\u4ea4\u6362\u673a\u4ea7\u54c1\uff0cBrocade Fabric OS (FOS)\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u5d4c\u5165\u5f0f\u7cfb\u7edf\u3002\r\n\r\nBrocade Fibre Channel SAN\u4ea7\u54c1\u4e2d\u7684Brocade FOS 7.4.2b\u4e4b\u524d\u7248\u672c\u30018.1.2\u4e4b\u524d\u7248\u672c\u548c8.2.0\u4e4b\u524d\u7248\u672c\u7684\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u8bbf\u95ee\u57fa\u4e8eWeb\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Brocade",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2018-525.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06323",
  "openTime": "2018-03-26",
  "patchDescription": "Brocade Fibre Channel SAN products\u90fd\u662f\u7f8e\u56fd\u535a\u79d1\uff08Brocade\uff09\u516c\u53f8\u7684\u4ea4\u6362\u673a\u4ea7\u54c1\uff0cBrocade Fabric OS (FOS)\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u5d4c\u5165\u5f0f\u7cfb\u7edf\u3002\r\n\r\nBrocade Fibre Channel SAN\u4ea7\u54c1\u4e2d\u7684Brocade FOS 7.4.2b\u4e4b\u524d\u7248\u672c\u30018.1.2\u4e4b\u524d\u7248\u672c\u548c8.2.0\u4e4b\u524d\u7248\u672c\u7684\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u8bbf\u95ee\u57fa\u4e8eWeb\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Brocade Fibre Channel SAN\u4ea7\u54c1Brocade Fabric OS \u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Brocade Fibre Channel SAN \u003c7.4.2b",
      "Brocade Fibre Channel SAN \u003c8.1.2",
      "Brocade Fibre Channel SAN \u003c8.2.0"
    ]
  },
  "referenceLink": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2018-525.htm",
  "serverity": "\u4e2d",
  "submitTime": "2018-02-26",
  "title": "Brocade Fibre Channel SAN\u4ea7\u54c1Brocade Fabric OS \u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6225 (GCVE-0-2017-6225)

FKIE_CVE-2017-6225

GSD-2017-6225

VAR-201802-0640

GHSA-RXHR-M56G-6FM6

CNVD-2018-06323

Tags

Sightings

Nomenclature