Intel Raid Web Console 3 (Rwc3)
19 CVEs affecting Intel Raid Web Console 3 (Rwc3). Latest disclosed: 2023-08-15. Critical: 11, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-4344 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection |
CVE-2023-4342 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy |
CVE-2023-4341 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI |
CVE-2023-4340 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file |
CVE-2023-4338 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers |
CVE-2023-4337 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation |
CVE-2023-4336 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute |
CVE-2023-4329 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attri… |
CVE-2023-4325 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities |
CVE-2023-4324 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers |
CVE-2023-4323 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup |
CVE-2023-4343 | High | 7.5 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter |
CVE-2023-4339 | High | 7.5 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions |
CVE-2023-4335 | High | 7.5 | 2023-08-15 | Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux |
CVE-2023-4334 | High | 7.5 | 2023-08-15 | Broadcom RAID Controller Web server (nginx) is serving private files without any authentication |
CVE-2023-4332 | High | 7.5 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file |
CVE-2023-4331 | High | 7.5 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols |
CVE-2023-4326 | High | 7.5 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites |
CVE-2023-4345 | Medium | 6.5 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user |