cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-4332,https://securityvulnerability.io/vulnerability/CVE-2023-4332,Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file,"The Broadcom RAID Controller web interface is susceptible to vulnerabilities stemming from improper permissions set on log files. This misconfiguration can potentially allow unauthorized users to access sensitive log data, which could lead to further exploitation or data leakage. Organizations using affected RAID Controllers must review their permissions settings to safeguard against unauthorized access.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4329,https://securityvulnerability.io/vulnerability/CVE-2023-4329,Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute,"The Broadcom RAID Controller web interface exhibits unsafe default settings in its HTTP configuration, exposing SESSIONID cookies to potential hijacking. The absence of the SameSite attribute enables cross-origin requests to access sensitive session data, thereby compromising user security. It is crucial for users to apply appropriate security measures to mitigate risks associated with this vulnerability.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4340,https://securityvulnerability.io/vulnerability/CVE-2023-4340,Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file,"A security vulnerability exists in Broadcom RAID Controller that allows attackers to escalate privileges by exploiting session information logged in the system’s logs. This flaw may enable unauthorized users to gain elevated access rights, potentially compromising system integrity and availability. Proper security measures and updates are necessary to protect vulnerable installations.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4337,https://securityvulnerability.io/vulnerability/CVE-2023-4337,Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation,"The Broadcom RAID Controller web interface is susceptible to an improper session handling vulnerability. This issue arises on Gateway installations, where improper management of user sessions can lead to unauthorized access or manipulation of managed servers. It is crucial for users to ensure that their systems are securely configured and regularly updated to mitigate potential risks associated with this vulnerability.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4323,https://securityvulnerability.io/vulnerability/CVE-2023-4323,Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup,"The Broadcom RAID Controller web interface is susceptible to vulnerabilities arising from improper management of active sessions during Gateway setup. This oversight can allow unauthorized access to sensitive data and functionalities, potentially compromising the security of the system. Organizations using affected versions should evaluate their configurations and consider immediate measures to mitigate risks associated with this vulnerability, thereby safeguarding their data integrity and system operations.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4324,https://securityvulnerability.io/vulnerability/CVE-2023-4324,Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers,"The Broadcom RAID Controller's web interface is exposed to potential security risks due to insecure default configurations. Specifically, the absence of HTTP Content-Security-Policy headers can enable various web application attacks such as cross-site scripting (XSS) and data injection vulnerabilities. It is essential for users to apply security measures, including reviewing default settings and implementing proper security headers, to fortify their web interfaces against unauthorized access and exploitation.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4325,https://securityvulnerability.io/vulnerability/CVE-2023-4325,Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities,"The Broadcom RAID Controller web interface is exposed to security risks due to its reliance on Libcurl, which contains known vulnerabilities. This exposure makes it susceptible to potential exploitation, affecting its overall security posture. It is crucial for users to address this vulnerability to ensure data integrity and protect against unauthorized access. For more information on security measures, visit Broadcom's product security center.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4326,https://securityvulnerability.io/vulnerability/CVE-2023-4326,Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites,"The Broadcom RAID Controller web interface is susceptible to vulnerabilities due to an insecure default TLS configuration. This configuration permits the use of outdated SHA1-based ciphersuites, which can expose communications to potential interception and exploitation. Organizations using this product should take immediate action to enhance their TLS settings, ensuring the use of modern, secure ciphers in order to protect their data and maintain integrity across their network communications. Further information is available on Broadcom's support page.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4328,https://securityvulnerability.io/vulnerability/CVE-2023-4328,Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux,Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows,Broadcom,Lsi Storage Authority (lsa),5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4331,https://securityvulnerability.io/vulnerability/CVE-2023-4331,Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols,"The Broadcom RAID Controller's web interface has a significant vulnerability due to an insecure default TLS configuration that permits the use of outdated and inherently insecure TLS protocols. This issue can lead to potential exposure of sensitive data and allow unauthorized access to network communications, highlighting the urgent need for users to review their settings and implement secure configurations.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4333,https://securityvulnerability.io/vulnerability/CVE-2023-4333,Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server,Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server,Broadcom,Lsi Storage Authority (lsa),5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4334,https://securityvulnerability.io/vulnerability/CVE-2023-4334,Broadcom RAID Controller Web server (nginx) is serving private files without any authentication,"The Broadcom RAID Controller Web server, powered by nginx, is susceptible to an authentication bypass vulnerability that allows unauthorized access to private files. This exploit exposes sensitive data, as the web server fails to enforce proper authentication mechanisms, potentially leading to data leaks or other security incidents. Users are urged to assess their affected systems and apply available patches to mitigate risks.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4335,https://securityvulnerability.io/vulnerability/CVE-2023-4335,Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux,"The Broadcom RAID Controller Web server utilizes nginx and has been found to serve private server-side files without proper authentication. This vulnerability allows unauthorized users to access sensitive information stored on the server, posing a serious security threat to systems relying on this web server environment.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4336,https://securityvulnerability.io/vulnerability/CVE-2023-4336,Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute,"The Broadcom RAID Controller web interface is exposed to vulnerabilities due to insecure default HTTP configuration settings. Specifically, the interface fails to set the Secure attribute for cookies, potentially allowing unauthorized access to sensitive session data. This security oversight can lead to significant risks for users managing RAID configurations, emphasizing the need for proper security measures to protect cookie data during transmission.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4338,https://securityvulnerability.io/vulnerability/CVE-2023-4338,Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers,"The Broadcom RAID Controller web interface has been identified as having an insecure default configuration for HTTP. This vulnerability occurs due to a lack of X-Content-Type-Options headers, which may expose users to various security risks, allowing attackers to perform content type sniffing and potentially execute malicious actions. Users are advised to review and modify their HTTP settings to enhance security and mitigate the risks associated with this vulnerability.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4339,https://securityvulnerability.io/vulnerability/CVE-2023-4339,Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions,"The Broadcom RAID Controller web interface has a vulnerability that allows the exposure of private keys. This occurs due to insecure file permissions on the configuration files that store Critical Infrastructure Management (CIM). Attackers could exploit this flaw to gain unauthorized access to sensitive information, potentially leading to further compromises within the system.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4341,https://securityvulnerability.io/vulnerability/CVE-2023-4341,Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI,"Broadcom RAID Controller contains a vulnerability that allows for privilege escalation to root. This issue arises from the insecure creation of folders by the Web GUI, which could potentially enable unauthorized users to gain elevated access rights. It is essential for users of this product to review the security implications and apply necessary patches or mitigations to protect their systems.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4342,https://securityvulnerability.io/vulnerability/CVE-2023-4342,Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy,"The Broadcom RAID Controller web interface exhibits a vulnerability due to insecure default configurations. It lacks an HTTP strict-transport-security policy, which can expose it to various security risks. This oversight can potentially allow attackers to intercept data or perform man-in-the-middle attacks. Users are advised to review their configurations and implement recommended security practices to safeguard their systems.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4343,https://securityvulnerability.io/vulnerability/CVE-2023-4343,Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter,"The Broadcom RAID Controller web interface is vulnerable due to sensitive password data being compromised through exposure in URL search parameters. This security flaw can allow unauthorized users to intercept critical access credentials, making it essential for organizations using this product to review their security configurations and take steps to mitigate potential risks.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4344,https://securityvulnerability.io/vulnerability/CVE-2023-4344,Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection,"The web interface of the Broadcom RAID Controller is susceptible to insufficient randomness due to improper implementation of the ssl.rnd function during the establishment of CIM connections. This shortfall can lead to potential security risks, enabling attackers to exploit the weakness and undermine the security of data transactions.",Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4327,https://securityvulnerability.io/vulnerability/CVE-2023-4327,Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux,Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux,Broadcom,Lsi Storage Authority (lsa),5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-15T19:15:00.000Z,0
CVE-2023-4345,https://securityvulnerability.io/vulnerability/CVE-2023-4345,Broadcom RAID Controller web interface is vulnerable client-side control bypass,Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user,Broadcom,"Lsi Storage Authority (lsa),Raid Web Console 3 (rwc3)",6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-08-15T18:15:00.000Z,0