Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| engenio | storage_controller | 2822 |
| brocade | silkworm | 3800 |
| ibm | ds4100 | * |
| brocade | silkworm | 3850 |
| brocade | silkworm | 3250 |
| brocade | silkworm | 3200 |
| brocade | silkworm | 3900 |
| brocade | silkworm_fiber_channel_switch | 2010 |
| broadcom | fabric_operating_system | 3.1 |
| engenio | storage_controller | 5884 |
| storagetek | d280 | * |
| engenio | storage_controller | 2882 |
| broadcom | fabric_operating_system | 2.1.2 |
| brocade | silkworm_fiber_channel_switch | 2050 |
| engenio | storage_controller | 4884 |
| broadcom | fabric_operating_system | 2.2 |
| brocade | silkworm_fiber_channel_switch | 2040 |
Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | bigiron_rx_switch | * |
The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | mlx | - |
| brocade | netiron_xmr | - |
| brocade | adx | - |
| brocade | turboiron | - |
| brocade | vdx | - |
| brocade | netiron_cer | - |
| brocade | icx | - |
| brocade | vyatta | - |
| brocade | fastiron | - |
| brocade | bigiron_rx | - |
| brocade | netiron_ces | - |
The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | vyatta_vrouter_software | * |
| brocade | vyatta_vrouter | - |
The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | vyatta_5400_vrouter | - |
| brocade | vyatta_5400_vrouter_software | 6.7 |
| brocade | vyatta_5400_vrouter_software | 6.6 |
| brocade | vyatta_5400_vrouter_software | 6.4 |
The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | vyatta_5400_vrouter | - |
| brocade | vyatta_5400_vrouter_software | 6.7 |
| brocade | vyatta_5400_vrouter_software | 6.6 |
| brocade | vyatta_5400_vrouter_software | 6.4 |
/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | vyatta_5400_vrouter | - |
| brocade | vyatta_5400_vrouter_software | 6.7 |
| brocade | vyatta_5400_vrouter_software | 6.6 |
| brocade | vyatta_5400_vrouter_software | 6.4 |
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | virtual_traffic_manager | * |
A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | netiron_os | * |
| brocade | netiron_os | 6.0.00a |
| brocade | netiron_os | 6.0.00 |
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | network_advisor | * |
A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | network_advisor | * |
A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | network_advisor | * |
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-754,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | netiron_ces_series_firmware | - |
| brocade | netiron_cer_series_firmware | - |
| brocade | netiron_xmr_series_firmware | - |
| brocade | netiron_mlx_series_firmware | - |
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | fabric_os | 8.1.0c1 |
| broadcom | fabric_operating_system | 8.0.2 |
| brocade | fabric_os | 8.0.2b1 |
| broadcom | fabric_operating_system | * |
| brocade | fabric_os | 8.0.1b1 |
| broadcom | fabric_operating_system | 8.1.1 |
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.0.0 |
| broadcom | fabric_operating_system | 8.0.2 |
| broadcom | fabric_operating_system | 8.0.1 |
| broadcom | fabric_operating_system | 8.1.2 |
| broadcom | fabric_operating_system | 8.1.0 |
| broadcom | fabric_operating_system | * |
| brocade | fabric_os | 8.0.2b2 |
| broadcom | fabric_operating_system | 8.1.1 |
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | network_advisor | * |
| netapp | brocade_network_advisor | - |
A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | network_advisor | * |
| netapp | brocade_network_advisor | - |
A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | network_advisor | * |
| netapp | brocade_network_advisor | - |
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | outside_in_technology | 8.5.4 |
| canonical | ubuntu_linux | 20.04 |
| oracle | communications_network_charging_and_control | 6.0.1 |
| sqlite | sqlite | * |
| fedoraproject | fedora | 32 |
| apple | icloud | * |
| oracle | communications_network_charging_and_control | * |
| oracle | zfs_storage_appliance_kit | 8.8 |
| apple | itunes | * |
| canonical | ubuntu_linux | 19.10 |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| siemens | sinec_infrastructure_network_services | * |
| oracle | outside_in_technology | 8.5.5 |
| apple | ipados | * |
| netapp | cloud_backup | - |
| brocade | fabric_operating_system | - |
| apple | iphone_os | * |
| apple | macos | * |
| apple | tvos | * |
| apple | watchos | * |
| netapp | hci_compute_node_firmware | - |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| debian | debian_linux | 9.0 |
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | outside_in_technology | 8.5.5 |
| apple | ipados | * |
| netapp | cloud_backup | - |
| oracle | outside_in_technology | 8.5.4 |
| brocade | fabric_operating_system | - |
| canonical | ubuntu_linux | 20.04 |
| apple | iphone_os | * |
| apple | macos | * |
| oracle | communications_network_charging_and_control | 6.0.1 |
| sqlite | sqlite | * |
| fedoraproject | fedora | 32 |
| apple | tvos | * |
| apple | icloud | * |
| oracle | communications_network_charging_and_control | * |
| oracle | zfs_storage_appliance_kit | 8.8 |
| apple | itunes | * |
| apple | watchos | * |
| canonical | ubuntu_linux | 19.10 |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| netapp | hci_compute_node_firmware | - |
| canonical | ubuntu_linux | 18.04 |
| siemens | sinec_infrastructure_network_services | * |
| canonical | ubuntu_linux | 16.04 |
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | outside_in_technology | 8.5.5 |
| netapp | cloud_backup | - |
| oracle | outside_in_technology | 8.5.4 |
| brocade | fabric_operating_system | - |
| canonical | ubuntu_linux | 20.04 |
| oracle | communications_network_charging_and_control | 6.0.1 |
| sqlite | sqlite | * |
| fedoraproject | fedora | 32 |
| oracle | communications_network_charging_and_control | * |
| oracle | zfs_storage_appliance_kit | 8.8 |
| canonical | ubuntu_linux | 19.10 |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| netapp | hci_compute_node_firmware | - |
| canonical | ubuntu_linux | 18.04 |
| siemens | sinec_infrastructure_network_services | * |
| canonical | ubuntu_linux | 16.04 |
| debian | debian_linux | 9.0 |
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| cve-coordination@google.com | 8.3 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 1.6 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h700s_firmware | - |
| netapp | hci_management_node | - |
| netapp | h300s_firmware | - |
| netapp | cloud_backup | - |
| brocade | fabric_operating_system | - |
| netapp | aff_500f_firmware | - |
| netapp | h410c_firmware | - |
| netapp | c400_firmware | - |
| netapp | h615c_firmware | - |
| netapp | aff_a250_firmware | - |
| netapp | fas_8300_firmware | - |
| netapp | solidfire | - |
| netapp | h610s_firmware | - |
| netapp | h500s_firmware | - |
| linux | linux_kernel | * |
| netapp | aff_a400_firmware | - |
| netapp | solidfire_baseboard_management_controller | * |
| netapp | h410s_firmware | - |
| netapp | h610c_firmware | - |
| netapp | fas_8700_firmware | - |
| netapp | c250_firmware | - |
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | clustered_data_ontap | - |
| netapp | h700s_firmware | - |
| netapp | h300s_firmware | - |
| brocade | fabric_operating_system | - |
| haxx | curl | * |
| debian | debian_linux | 10.0 |
| netapp | bootstrap_os | - |
| netapp | h500s_firmware | - |
| debian | debian_linux | 11.0 |
| netapp | solidfire_&_hci_storage_node | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | h410s_firmware | - |
| splunk | universal_forwarder | * |
| splunk | universal_forwarder | 9.1.0 |
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N | 2.1 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-522,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | clustered_data_ontap | - |
| netapp | h700s_firmware | - |
| netapp | h300s_firmware | - |
| brocade | fabric_operating_system | - |
| netapp | hci_bootstrap_os | - |
| haxx | curl | * |
| debian | debian_linux | 10.0 |
| netapp | h500s_firmware | - |
| debian | debian_linux | 11.0 |
| netapp | solidfire_&_hci_storage_node | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | h410s_firmware | - |
| splunk | universal_forwarder | * |
| splunk | universal_forwarder | 9.1.0 |
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | clustered_data_ontap | - |
| netapp | h700s_firmware | - |
| netapp | h300s_firmware | - |
| brocade | fabric_operating_system | - |
| netapp | hci_bootstrap_os | - |
| haxx | curl | * |
| netapp | h500s_firmware | - |
| debian | debian_linux | 11.0 |
| netapp | solidfire_&_hci_storage_node | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | h410s_firmware | - |
| splunk | universal_forwarder | * |
| splunk | universal_forwarder | 9.1.0 |
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | clustered_data_ontap | - |
| netapp | h700s_firmware | - |
| netapp | h300s_firmware | - |
| brocade | fabric_operating_system | - |
| netapp | hci_bootstrap_os | - |
| haxx | curl | * |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 36 |
| netapp | h500s_firmware | - |
| debian | debian_linux | 11.0 |
| netapp | solidfire_&_hci_storage_node | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | h410s_firmware | - |
| fedoraproject | fedora | 37 |
| splunk | universal_forwarder | * |
| splunk | universal_forwarder | 9.1.0 |
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | sannav | * |
A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | fabric_operating_system | 9.0.1e |
| brocade | fabric_operating_system | 9.1.1 |
| brocade | fabric_operating_system | 7.4.2j |
| brocade | fabric_operating_system | 8.2.3c |
A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
| sirt@brocade.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | fabric_operating_system | * |
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | active_support_connectivity_gateway | * |
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | fabric_operating_system | * |
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | fabric_operating_system | * |
| brocade | fabric_operating_system | 9.2.2 |
Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | ascg | * |
A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user that can access sensitive information like passwords within the CLI history leading to unauthorized access and potential data breaches.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | ascg | * |
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | ascg | * |