5.4
CVE-2018-6447
- EPSS 0.3%
- Veröffentlicht 25.09.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 04:10:41
- Quelle sirt@brocade.com
- Teams Watchlist Login
- Unerledigt Login
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Broadcom ≫ Fabric Operating System Version2.1.2
Broadcom ≫ Fabric Operating System Version2.2
Broadcom ≫ Fabric Operating System Version3.1
Broadcom ≫ Fabric Operating System Version5.0.5b
Broadcom ≫ Fabric Operating System Version5.2.0
Broadcom ≫ Fabric Operating System Version5.2.0a
Broadcom ≫ Fabric Operating System Version7.4.0
Broadcom ≫ Fabric Operating System Version7.4.1
Broadcom ≫ Fabric Operating System Version7.4.1a
Broadcom ≫ Fabric Operating System Version7.4.1b
Broadcom ≫ Fabric Operating System Version7.4.1c
Broadcom ≫ Fabric Operating System Version7.4.1d
Broadcom ≫ Fabric Operating System Version7.4.1e
Broadcom ≫ Fabric Operating System Version7.4.2
Broadcom ≫ Fabric Operating System Version7.4.2a
Broadcom ≫ Fabric Operating System Version7.4.2b
Broadcom ≫ Fabric Operating System Version7.4.2c
Broadcom ≫ Fabric Operating System Version7.4.2d
Broadcom ≫ Fabric Operating System Version7.4.2f
Broadcom ≫ Fabric Operating System Version8.0.0
Broadcom ≫ Fabric Operating System Version8.0.1
Broadcom ≫ Fabric Operating System Version8.0.1a
Broadcom ≫ Fabric Operating System Version8.0.1b
Broadcom ≫ Fabric Operating System Version8.0.2
Broadcom ≫ Fabric Operating System Version8.0.2a
Broadcom ≫ Fabric Operating System Version8.0.2b
Broadcom ≫ Fabric Operating System Version8.0.2c
Broadcom ≫ Fabric Operating System Version8.0.2d
Broadcom ≫ Fabric Operating System Version8.0.2f
Broadcom ≫ Fabric Operating System Version8.1.0
Broadcom ≫ Fabric Operating System Version8.1.0a
Broadcom ≫ Fabric Operating System Version8.1.0b
Broadcom ≫ Fabric Operating System Version8.1.0c
Broadcom ≫ Fabric Operating System Version8.1.1
Broadcom ≫ Fabric Operating System Version8.1.1a
Broadcom ≫ Fabric Operating System Version8.1.2
Broadcom ≫ Fabric Operating System Version8.1.2a
Broadcom ≫ Fabric Operating System Version8.1.2b
Broadcom ≫ Fabric Operating System Version8.1.2c
Broadcom ≫ Fabric Operating System Version8.1.2d
Broadcom ≫ Fabric Operating System Version8.1.2e
Broadcom ≫ Fabric Operating System Version8.1.2f
Broadcom ≫ Fabric Operating System Version8.1.2j
Broadcom ≫ Fabric Operating System Version8.2.0
Broadcom ≫ Fabric Operating System Version8.2.0a
Broadcom ≫ Fabric Operating System Version8.2.1
Broadcom ≫ Fabric Operating System Version8.2.1a
Broadcom ≫ Fabric Operating System Version8.2.1b
Broadcom ≫ Fabric Operating System Version8.2.1c
Broadcom ≫ Fabric Operating System Version8.2.1d
Broadcom ≫ Fabric Operating System Version8.2.2
Broadcom ≫ Fabric Operating System Version8.2.2a
Broadcom ≫ Fabric Operating System Version8.2.2a1
Broadcom ≫ Fabric Operating System Version8.2.2b
Broadcom ≫ Fabric Operating System Version8.2.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.505 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.