cbcvebase.
CVE-2022-28170
published 2022-10-25

CVE-2022-28170: Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements…

PriorityP426medium6.5CVSS 3.1
AVLACLPRLUINSCCHINAN
EPSS
0.21%
10.6th percentile
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.

Affected

4 ranges
VendorProductVersion rangeFixed in
broadcomfabric_operating_system< 7.4.2j7.4.2j
broadcomfabric_operating_system
broadcomfabric_operating_system>= 8.0.0 < 8.2.3c8.2.3c
broadcomfabric_operating_system>= 9.0.0 < 9.0.1e9.0.1e

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
vendor_oracle5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.