Jeff Jarmoc

**Name of the Vulnerable Software and Affected Versions** BreakingPoint Storm appliance versions prior to 3.0 **Description** The administrative interface in the embedded web server does not require authentication for the gwt/BugReport script, allowing remote attackers to obtain sensitive information by downloading a .tgz file. **Recommendations** For versions prior to 3.0, update to version 3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BreakingPoint Storm appliance versions prior to 3.0 **Description** The issue allows remote attackers to obtain sensitive information by sniffing the network for XML documents, as the appliance requires cleartext credentials for establishing a session from a GUI administrative client. **Recommendations** For versions prior to 3.0, update to version 3.0 or later to resolve the issue.