First published: Tue Aug 15 2023
The Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard the SESSIONID cookie with the SameSite attribute.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Broadcom RAID Controller web interface | =51.12.0-2779 | |
This issue is fixed in 7.017.011.000. For more information please contact your Broadcom representative.
CVE-2023-4329 is a vulnerability in the Broadcom RAID Controller web interface caused by an insecure default HTTP configuration that does not safeguard the SESSIONID cookie with the SameSite attribute.
CVE-2023-4329 has a severity rating of 9.8 (Critical).
The Broadcom RAID Controller web interface version 51.12.0-2779 is affected by CVE-2023-4329.
To fix CVE-2023-4329, update the Broadcom RAID Controller web interface to a version that safeguards the SESSIONID cookie with the SameSite attribute.
More information about CVE-2023-4329 can be found at the Broadcom Product Security Center: [https://www.broadcom.com/support/resources/product-security-center](https://www.broadcom.com/support/resources/product-security-center)