cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24507,https://securityvulnerability.io/vulnerability/CVE-2025-24507,Boot-Time Compromise Vulnerability in Broadcom Appliances,"A critical vulnerability exists that can lead to the compromise of Broadcom appliances during the boot process. Attackers could exploit this flaw to manipulate the appliance's boot sequence, potentially gaining unauthorized access and control over the device. This risk highlights the importance of implementing robust security measures at boot time to protect sensitive infrastructure.",Broadcom,Symantec Privileged Access Management,8.9,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T18:41:50.906Z,0
CVE-2025-24506,https://securityvulnerability.io/vulnerability/CVE-2025-24506,Authentication Strategy Vulnerability in Broadcom's PAM Products,"A flaw in the authentication strategy deployed in Broadcom's PAM products exposes the unique identifiers of users associated with specific authentication types. This could enable unauthorized parties to infer sensitive user associations, thereby compromising user data integrity and privacy. Organizations using affected versions are encouraged to review their configurations and apply relevant security measures to mitigate potential risks.",Broadcom,Symantec Privileged Access Management,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T18:39:19.670Z,0
CVE-2025-24505,https://securityvulnerability.io/vulnerability/CVE-2025-24505,Remote Command Execution Vulnerability in Broadcom PAM Systems,"A vulnerability in Broadcom's PAM systems has been identified that could allow an authenticated high-privileged user to execute arbitrary commands remotely. This occurs when a specially crafted upgrade file is uploaded to the system, leading to potential exploitation of critical system functions. Organizations utilizing affected PAM systems should prioritize updates and patches to mitigate this risk.",Broadcom,Symantec Privileged Access Management,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T18:36:09.450Z,0
CVE-2025-24504,https://securityvulnerability.io/vulnerability/CVE-2025-24504,Improper Input Validation in Broadcom Software,"The vulnerability arises from inadequate input validation in the Cross-Site Request Forgery (CSRF) filter, leading to unsanitized user input being logged by the application. This flaw could potentially allow an attacker to inject malicious inputs that may compromise the integrity of the application logs, posing a threat to the overall security posture of the affected systems.",Broadcom,Symantec Privileged Access Management,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T18:31:41.795Z,0
CVE-2025-24503,https://securityvulnerability.io/vulnerability/CVE-2025-24503,Session Fixation Vulnerability in PAM Server by Broadcom,"A vulnerability exists in Broadcom's PAM server that allows a malicious actor to exploit session fixation techniques. By convincing a PAM user to engage with a specially crafted link, the attacker can establish control over the user's session. This could lead to unauthorized access and actions performed under the user's credentials, compromising the security of sensitive operations within the PAM environment. It is essential for users and administrators to implement robust security measures to mitigate this risk.",Broadcom,Symantec Privileged Access Management,9.3,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T18:27:08.641Z,0
CVE-2025-24502,https://securityvulnerability.io/vulnerability/CVE-2025-24502,Improper Session Validation in Broadcom Product,"A vulnerability has been identified that allows an unauthenticated attacker to exploit improper session validation within certain Broadcom products. By spoofing the client IP address, the attacker can trigger request notifications as if they were a legitimate user. This could lead to unauthorized actions being executed in the context of an incorrect user, potentially compromising the integrity of the application and the data it handles.",Broadcom,Symantec Privileged Access Management,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T18:24:32.902Z,0
CVE-2025-24501,https://securityvulnerability.io/vulnerability/CVE-2025-24501,Improper Input Validation in PAM Logs for Broadcom Products,"An improper input validation vulnerability exists in Broadcom's PAM product, allowing unauthenticated attackers to manipulate PAM logs by sending specifically crafted HTTP requests. This can lead to unauthorized access and integrity issues within the logging framework of vulnerable systems.",Broadcom,Symantec Privileged Access Management,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T18:21:37.817Z,0
CVE-2025-24500,https://securityvulnerability.io/vulnerability/CVE-2025-24500,Unauthenticated Information Disclosure in PAM Database by Broadcom's Software,An information disclosure vulnerability exists within Broadcom's software that enables an unauthenticated attacker to gain unauthorized access to sensitive information in the PAM database. This can lead to severe privacy breaches and potential exploitation by malicious actors.,Broadcom,Symantec Privileged Access Management,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T18:15:12.337Z,0
CVE-2024-38499,https://securityvulnerability.io/vulnerability/CVE-2024-38499,Exploiting Encryption Oversights in CA Client Automation,"CVE-2024-38499 is a significant vulnerability in CA Client Automation (ITCM) that exposes non-admin/non-root users to the ability to perform encryption operations via the CAF CLI and SD_ACMD CLI. This flaw permits these less privileged users to access critical encryption keys, leading to potential exploitation of stored credentials. The identified risk necessitates immediate attention, as unauthorized access to sensitive information could have severe ramifications. To mitigate this vulnerability, a fix has been implemented to restrict the execution of the 'caf encrypt' and 'sd_acmd encrypt' commands solely to admin or root users.",Broadcom,Ca Client Automation (itcm),,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T05:43:00.369Z,0
CVE-2024-36459,https://securityvulnerability.io/vulnerability/CVE-2024-36459,CRLF Cross-Site Scripting Vulnerability Affects SiteMinder Web Agent,"A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.",Broadcom,Symantec Siteminder,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T12:06:19.298Z,0
CVE-2023-50093,https://securityvulnerability.io/vulnerability/CVE-2023-50093,Host Header Injection Vulnerability in APIIDA API Gateway Manager by Broadcom,"The APIIDA API Gateway Manager, a product offered by Broadcom, is exposed to a host header injection vulnerability in version 2023.2.2. This vulnerability allows an attacker to manipulate the host header in requests sent to the API Gateway, which may lead to unauthorized access or potentially redirecting traffic to malicious endpoints. Organizations utilizing this API Gateway should be aware of this security threat and implement necessary mitigations to safeguard their systems.",Broadcom,APIIDA API Gateway Manager,6.1,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-01-03T00:00:00.000Z,0
CVE-2023-50092,https://securityvulnerability.io/vulnerability/CVE-2023-50092,Cross Site Scripting Flaw in APIIDA API Gateway Manager from Broadcom,The APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is susceptible to a Cross Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. This could enable unauthorized actions or access sensitive information from users' browsers.,Broadcom,APIIDA API Gateway Manager,6.1,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-01-03T00:00:00.000Z,0
CVE-2023-37790,https://securityvulnerability.io/vulnerability/CVE-2023-37790,Arbitrary File Upload Vulnerability in Jaspersoft Clarity PPM,"Jaspersoft Clarity PPM version 14.3.0.298 is vulnerable to an arbitrary file upload due to insufficient validation of user-uploaded files through the Profile Picture Upload feature. This security flaw could allow unauthorized users to upload malicious files, potentially compromising the integrity of the system and allowing for further attacks.",Broadcom,Clarity,5.4,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-11-09T00:15:00.000Z,0
CVE-2023-31096,https://securityvulnerability.io/vulnerability/CVE-2023-31096,Local Privilege Escalation Vulnerability in Broadcom LSI Soft Modem Driver,"A vulnerability exists in the Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver that allows an attacker to escalate privileges to the SYSTEM level via a stack overflow condition in RTLCopyMemory. This flaw enables exploitation from a medium-integrity process, which can circumvent kernel-level protections, including antivirus and protected process light (PPL) measures. The elevated privileges gained can be utilized in orchestrated ransomware attacks, particularly through bring-your-own-vulnerable-driver (BYOVD) tactics.",Broadcom,Lsi Pci-sv92ex Firmware,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-10T00:00:00.000Z,0
CVE-2023-23957,https://securityvulnerability.io/vulnerability/CVE-2023-23957,Open Redirection Vulnerability in Symantec Identity Portal 14.4,An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4,Symantec - A Division of Broadcom,Symantec Identity Governance And Administration,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-09-19T13:16:00.000Z,0
CVE-2023-4327,https://securityvulnerability.io/vulnerability/CVE-2023-4327,Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux,Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux,Broadcom,Lsi Storage Authority (lsa),5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4335,https://securityvulnerability.io/vulnerability/CVE-2023-4335,Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux,"The Broadcom RAID Controller Web server utilizes nginx and has been found to serve private server-side files without proper authentication. This vulnerability allows unauthorized users to access sensitive information stored on the server, posing a serious security threat to systems relying on this web server environment.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4329,https://securityvulnerability.io/vulnerability/CVE-2023-4329,Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute,"The Broadcom RAID Controller web interface exhibits unsafe default settings in its HTTP configuration, exposing SESSIONID cookies to potential hijacking. The absence of the SameSite attribute enables cross-origin requests to access sensitive session data, thereby compromising user security. It is crucial for users to apply appropriate security measures to mitigate risks associated with this vulnerability.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4336,https://securityvulnerability.io/vulnerability/CVE-2023-4336,Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute,"The Broadcom RAID Controller web interface is exposed to vulnerabilities due to insecure default HTTP configuration settings. Specifically, the interface fails to set the Secure attribute for cookies, potentially allowing unauthorized access to sensitive session data. This security oversight can lead to significant risks for users managing RAID configurations, emphasizing the need for proper security measures to protect cookie data during transmission.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4342,https://securityvulnerability.io/vulnerability/CVE-2023-4342,Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy,"The Broadcom RAID Controller web interface exhibits a vulnerability due to insecure default configurations. It lacks an HTTP strict-transport-security policy, which can expose it to various security risks. This oversight can potentially allow attackers to intercept data or perform man-in-the-middle attacks. Users are advised to review their configurations and implement recommended security practices to safeguard their systems.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4328,https://securityvulnerability.io/vulnerability/CVE-2023-4328,Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux,Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows,Broadcom,Lsi Storage Authority (lsa),5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4331,https://securityvulnerability.io/vulnerability/CVE-2023-4331,Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols,"The Broadcom RAID Controller's web interface has a significant vulnerability due to an insecure default TLS configuration that permits the use of outdated and inherently insecure TLS protocols. This issue can lead to potential exposure of sensitive data and allow unauthorized access to network communications, highlighting the urgent need for users to review their settings and implement secure configurations.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4340,https://securityvulnerability.io/vulnerability/CVE-2023-4340,Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file,"A security vulnerability exists in Broadcom RAID Controller that allows attackers to escalate privileges by exploiting session information logged in the system’s logs. This flaw may enable unauthorized users to gain elevated access rights, potentially compromising system integrity and availability. Proper security measures and updates are necessary to protect vulnerable installations.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4323,https://securityvulnerability.io/vulnerability/CVE-2023-4323,Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup,"The Broadcom RAID Controller web interface is susceptible to vulnerabilities arising from improper management of active sessions during Gateway setup. This oversight can allow unauthorized access to sensitive data and functionalities, potentially compromising the security of the system. Organizations using affected versions should evaluate their configurations and consider immediate measures to mitigate risks associated with this vulnerability, thereby safeguarding their data integrity and system operations.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4333,https://securityvulnerability.io/vulnerability/CVE-2023-4333,Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server,Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server,Broadcom,Lsi Storage Authority (lsa),5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0