Search

Find a vulnerability

Search criteria

    44 vulnerabilities found for LSI Storage Authority (LSA) by Broadcom

    CVE-2023-4344 (GCVE-0-2023-4344)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
    Summary
    Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:36.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4344",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:24:49.458889Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:26:09.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331: Insufficient Entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-05T21:58:03.947Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4344",
        "datePublished": "2023-08-15T18:25:34.072Z",
        "dateReserved": "2023-08-14T21:29:52.908Z",
        "dateUpdated": "2025-11-04T16:10:36.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4343 (GCVE-0-2023-4343)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
    Summary
    Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:35.278Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4343",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T20:03:40.979136Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T20:03:56.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:26.622Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4343",
        "datePublished": "2023-08-15T18:25:34.170Z",
        "dateReserved": "2023-08-14T21:29:37.816Z",
        "dateUpdated": "2025-11-04T16:10:35.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4342 (GCVE-0-2023-4342)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
    Summary
    Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:34.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4342",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T20:02:18.354310Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T20:02:31.717Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security  policy"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:26.404Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security  policy",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4342",
        "datePublished": "2023-08-15T18:25:34.363Z",
        "dateReserved": "2023-08-14T21:29:11.769Z",
        "dateUpdated": "2025-11-04T16:10:34.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4341 (GCVE-0-2023-4341)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
    Summary
    Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:33.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4341",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:43:37.493202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:43:58.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:26.182Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4341",
        "datePublished": "2023-08-15T18:25:34.542Z",
        "dateReserved": "2023-08-14T21:27:55.642Z",
        "dateUpdated": "2025-11-04T16:10:33.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4340 (GCVE-0-2023-4340)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
    Summary
    Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:32.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4340",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:42:32.043734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:43:09.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:26.025Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4340",
        "datePublished": "2023-08-15T18:25:35.073Z",
        "dateReserved": "2023-08-14T21:27:55.493Z",
        "dateUpdated": "2025-11-04T16:10:32.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4339 (GCVE-0-2023-4339)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
    Summary
    Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:31.336Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4339",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:41:47.878961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:41:58.772Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:25.818Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4339",
        "datePublished": "2023-08-15T18:25:35.162Z",
        "dateReserved": "2023-08-14T21:27:55.417Z",
        "dateUpdated": "2025-11-04T16:10:31.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4338 (GCVE-0-2023-4338)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
    Summary
    Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:30.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4338",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:40:13.790581Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:40:23.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:25.625Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4338",
        "datePublished": "2023-08-15T18:25:36.445Z",
        "dateReserved": "2023-08-14T21:27:55.350Z",
        "dateUpdated": "2025-11-04T16:10:30.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4337 (GCVE-0-2023-4337)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
    Summary
    Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:29.412Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4337",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:39:11.305505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:39:39.529Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:25.451Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4337",
        "datePublished": "2023-08-15T18:25:36.690Z",
        "dateReserved": "2023-08-14T21:27:55.221Z",
        "dateUpdated": "2025-11-04T16:10:29.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4336 (GCVE-0-2023-4336)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute
    Summary
    Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:28.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4336",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:37:55.233368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:38:10.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:25.290Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4336",
        "datePublished": "2023-08-15T18:25:36.778Z",
        "dateReserved": "2023-08-14T21:27:55.157Z",
        "dateUpdated": "2025-11-04T16:10:28.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4335 (GCVE-0-2023-4335)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2024-10-08 19:37
    VLAI
    Title
    Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
    Summary
    Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.459Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4335",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:35:49.902757Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:37:21.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:25.101Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4335",
        "datePublished": "2023-08-15T18:25:37.042Z",
        "dateReserved": "2023-08-14T21:25:58.771Z",
        "dateUpdated": "2024-10-08T19:37:21.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4334 (GCVE-0-2023-4334)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
    Summary
    Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:27.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4334",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:35:07.326506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:35:21.552Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller Web server (nginx) is serving private files without any authentication"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:24.923Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller Web server (nginx) is serving private files without any authentication",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4334",
        "datePublished": "2023-08-15T18:25:37.123Z",
        "dateReserved": "2023-08-14T21:25:58.724Z",
        "dateUpdated": "2025-11-04T16:10:27.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4333 (GCVE-0-2023-4333)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
    Summary
    Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:26.180Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:34:27.460689Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:34:36.730Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface doesn\u2019t enforce SSL cipher ordering by server"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T14:43:56.277Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface doesn\u2019t enforce SSL cipher ordering by server",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4333",
        "datePublished": "2023-08-15T18:25:37.222Z",
        "dateReserved": "2023-08-14T21:25:58.657Z",
        "dateUpdated": "2025-11-04T16:10:26.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4332 (GCVE-0-2023-4332)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
    Summary
    Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:24.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4332",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:27:15.721447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:29:50.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-05T21:56:55.253Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4332",
        "datePublished": "2023-08-15T18:25:37.323Z",
        "dateReserved": "2023-08-14T21:25:58.608Z",
        "dateUpdated": "2025-11-04T16:10:24.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4331 (GCVE-0-2023-4331)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
    Summary
    Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:23.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4331",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:23:15.858042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:25:44.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-05T21:55:43.479Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4331",
        "datePublished": "2023-08-15T18:25:37.408Z",
        "dateReserved": "2023-08-14T21:25:58.466Z",
        "dateUpdated": "2025-11-04T16:10:23.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4329 (GCVE-0-2023-4329)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
    Summary
    Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:22.787Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4329",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:19:53.153951Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:22:13.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:24.200Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4329",
        "datePublished": "2023-08-15T18:25:38.060Z",
        "dateReserved": "2023-08-14T21:25:58.373Z",
        "dateUpdated": "2025-11-04T16:10:22.787Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4328 (GCVE-0-2023-4328)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
    Summary
    Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:21.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4328",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:19:08.708967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:19:19.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable  to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T14:42:15.841Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable  to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4328",
        "datePublished": "2023-08-15T18:25:38.246Z",
        "dateReserved": "2023-08-14T21:25:58.130Z",
        "dateUpdated": "2025-11-04T16:10:21.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4327 (GCVE-0-2023-4327)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
    Summary
    Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:20.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4327",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:04:49.686025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:05:12.166Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T14:41:33.093Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4327",
        "datePublished": "2023-08-15T18:25:38.370Z",
        "dateReserved": "2023-08-14T21:22:21.442Z",
        "dateUpdated": "2025-11-04T16:10:20.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4326 (GCVE-0-2023-4326)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
    Summary
    Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
    Affected: 0
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:19.802Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4326",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:01:37.725882Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:03:09.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-05T21:54:56.874Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4326",
        "datePublished": "2023-08-15T18:25:38.586Z",
        "dateReserved": "2023-08-14T21:19:37.314Z",
        "dateUpdated": "2025-11-04T16:10:19.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4325 (GCVE-0-2023-4325)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
    Summary
    Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:18.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4325",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T17:58:07.119861Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:00:04.293Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:23.421Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4325",
        "datePublished": "2023-08-15T18:25:38.706Z",
        "dateReserved": "2023-08-14T21:10:36.380Z",
        "dateUpdated": "2025-11-04T16:10:18.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4324 (GCVE-0-2023-4324)

    Vulnerability from nvd – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
    Summary
    Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:17.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4324",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T17:54:08.973670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T17:57:24.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy  headers"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:23.250Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy  headers",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4324",
        "datePublished": "2023-08-15T18:25:38.873Z",
        "dateReserved": "2023-08-14T21:06:24.381Z",
        "dateUpdated": "2025-11-04T16:10:17.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4323 (GCVE-0-2023-4323)

    Vulnerability from nvd – Published: 2023-08-15 18:21 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
    Summary
    Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:16.803Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4323",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T20:05:02.040092Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T20:05:12.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:23.092Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4323",
        "datePublished": "2023-08-15T18:21:36.882Z",
        "dateReserved": "2023-08-14T21:02:26.963Z",
        "dateUpdated": "2025-11-04T16:10:16.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4324 (GCVE-0-2023-4324)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
    Summary
    Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:17.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4324",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T17:54:08.973670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T17:57:24.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy  headers"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:23.250Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy  headers",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4324",
        "datePublished": "2023-08-15T18:25:38.873Z",
        "dateReserved": "2023-08-14T21:06:24.381Z",
        "dateUpdated": "2025-11-04T16:10:17.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4325 (GCVE-0-2023-4325)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
    Summary
    Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:18.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4325",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T17:58:07.119861Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:00:04.293Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:23.421Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4325",
        "datePublished": "2023-08-15T18:25:38.706Z",
        "dateReserved": "2023-08-14T21:10:36.380Z",
        "dateUpdated": "2025-11-04T16:10:18.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4326 (GCVE-0-2023-4326)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
    Summary
    Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
    Affected: 0
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:19.802Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4326",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:01:37.725882Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:03:09.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-05T21:54:56.874Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4326",
        "datePublished": "2023-08-15T18:25:38.586Z",
        "dateReserved": "2023-08-14T21:19:37.314Z",
        "dateUpdated": "2025-11-04T16:10:19.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4327 (GCVE-0-2023-4327)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
    Summary
    Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:20.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4327",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:04:49.686025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:05:12.166Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T14:41:33.093Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4327",
        "datePublished": "2023-08-15T18:25:38.370Z",
        "dateReserved": "2023-08-14T21:22:21.442Z",
        "dateUpdated": "2025-11-04T16:10:20.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4328 (GCVE-0-2023-4328)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
    Summary
    Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:21.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4328",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:19:08.708967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:19:19.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable  to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T14:42:15.841Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable  to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4328",
        "datePublished": "2023-08-15T18:25:38.246Z",
        "dateReserved": "2023-08-14T21:25:58.130Z",
        "dateUpdated": "2025-11-04T16:10:21.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4329 (GCVE-0-2023-4329)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
    Summary
    Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:22.787Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4329",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:19:53.153951Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:22:13.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-16T02:04:24.200Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute",
          "x_generator": {
            "engine": "cveClient/1.0.14"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4329",
        "datePublished": "2023-08-15T18:25:38.060Z",
        "dateReserved": "2023-08-14T21:25:58.373Z",
        "dateUpdated": "2025-11-04T16:10:22.787Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4331 (GCVE-0-2023-4331)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
    Summary
    Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:23.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4331",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:23:15.858042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:25:44.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-05T21:55:43.479Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4331",
        "datePublished": "2023-08-15T18:25:37.408Z",
        "dateReserved": "2023-08-14T21:25:58.466Z",
        "dateUpdated": "2025-11-04T16:10:23.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4332 (GCVE-0-2023-4332)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
    Summary
    Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Intel RAID Web Console 3 (RWC3) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    broadcom lsi_storage_authority Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*
    Create a notification for this product.
    intel raid_web_console_3 Affected: 0 , < 7.017.011.000 (custom)
        cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:24.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:broadcom:lsi_storage_authority:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lsi_storage_authority",
                "vendor": "broadcom",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:intel:raid_web_console_3:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "raid_web_console_3",
                "vendor": "intel",
                "versions": [
                  {
                    "lessThan": "7.017.011.000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4332",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:27:15.721447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:29:50.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAID Web Console 3 (RWC3)",
              "vendor": "Intel",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-05T21:56:55.253Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4332",
        "datePublished": "2023-08-15T18:25:37.323Z",
        "dateReserved": "2023-08-14T21:25:58.608Z",
        "dateUpdated": "2025-11-04T16:10:24.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4333 (GCVE-0-2023-4333)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:25 – Updated: 2025-11-04 16:10
    VLAI
    Title
    Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
    Summary
    Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    Impacted products
    Vendor Product Version
    Broadcom LSI Storage Authority (LSA) Affected: 0 , < 7.017.011.000 (custom)
    Create a notification for this product.
    Credits
    Intel DCG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:10:26.180Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/resources/product-security-center"
              },
              {
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T19:34:27.460689Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:34:36.730Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LSI Storage Authority (LSA)",
              "vendor": "Broadcom",
              "versions": [
                {
                  "lessThan": "7.017.011.000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Intel DCG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broadcom RAID Controller web interface doesn\u2019t enforce SSL cipher ordering by server"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T14:43:56.277Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.broadcom.com/support/resources/product-security-center"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
                }
              ],
              "value": "This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom RAID Controller web interface doesn\u2019t enforce SSL cipher ordering by server",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-4333",
        "datePublished": "2023-08-15T18:25:37.222Z",
        "dateReserved": "2023-08-14T21:25:58.657Z",
        "dateUpdated": "2025-11-04T16:10:26.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }