Intel Dcg

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers. This issue affects the web interface, making it vulnerable to attacks. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable due to its usage of Libcurl with known vulnerabilities in LSA. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites. This issue affects the default configuration, making it vulnerable to exploitation. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data. The keys used for encryption are accessible to any local user on Linux. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data. The keys used for encryption are accessible to any local user on Windows and Linux. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard the `SESSIONID` cookie with the `SameSite` attribute. This issue affects the default configuration, potentially exposing user sessions to risks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete and vulnerable TLS protocols. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable due to improper permissions on the log file. This issue may allow unauthorized access or exploitation. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data. The keys used for encryption are accessible to any local user on Windows. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller Web server (nginx) (affected versions not specified) **Description** The issue concerns the Broadcom RAID Controller Web server, which is based on nginx. It is serving private files without any authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller Web server (nginx) (affected versions not specified) **Description** The issue concerns the Broadcom RAID Controller Web server, which is based on nginx and is serving private server-side files without any authentication on Linux. This could potentially allow unauthorized access to sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard cookies with the Secure attribute. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not provide X-Content-Type-Options Headers. This issue affects the web interface, making it vulnerable to certain attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM, which are stored with insecure file permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The issue concerns a privilege escalation vulnerability in the Broadcom RAID Controller. It can be exploited by taking advantage of the session prints in the log file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The issue is related to the creation of insecure folders by the Web GUI, which can lead to privilege escalation to root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable due to insecure defaults, specifically the lack of an HTTP strict-transport-security policy. This issue can be exploited, but details about real-world incidents or the estimated number of potentially affected devices worldwide are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom RAID Controller (affected versions not specified) **Description** The Broadcom RAID Controller web interface is vulnerable due to the exposure of sensitive password information in the URL as a URL search parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.