CVE-2022-28170
Published 2022-10-25
CVE-2022-28170: Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements…
Priority P426 · medium · 6.5 · CVSS 3.1
AV:L · AC:L · PR:L · UI:N · S:C · C:H · I:N · A:N
EPSS: 0.21% (10.6th percentile)
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | fabric_operating_system | < 7.4.2j | 7.4.2j |
| broadcom | fabric_operating_system | — | — |
| broadcom | fabric_operating_system | >= 8.0.0 < 8.2.3c | 8.2.3c |
| broadcom | fabric_operating_system | >= 9.0.0 < 9.0.1e | 9.0.1e |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
vendor_oracle · 5.3 MEDIUM
GHSA
GHSA-73xq-c68f-h599: Brocade Fabric OS Web Application services before Brocade Fabric v9
ghsa_unreviewed·2022-10-26
CVE-2022-28170 [MEDIUM] CWE-922 GHSA-73xq-c68f-h599: Brocade Fabric OS Web Application services before Brocade Fabric v9
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
Oracle
Oracle Oracle Communications Risk Matrix: Policy (Jakarta) — CVE-2021-28170
vendor_oracle·2022-04-15·CVSS 5.3
CVE-2021-28170 [MEDIUM] Oracle Oracle Communications Risk Matrix: Policy (Jakarta) — CVE-2021-28170
Oracle Oracle Communications Risk Matrix: Policy (Jakarta) vulnerability
CVE: CVE-2021-28170
CVSS: 5.3
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2022 (APR 2022)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://security.netapp.com/advisory/ntap-20230127-0002/
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2076
Published: 2022-10-25