LSI Storage Authority (LSA) — Vulnerabilities & Security Advisories (22)

All 22 CVE vulnerabilities found in LSI Storage Authority (LSA), with AI-generated Chinese analysis, references, and POCs.

Vendor: Broadcom

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-4324 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers | 9.4 | - | 2023-08-15 |
| CVE-2023-4326 | Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites (CWE-327) | 9.1 | - | 2023-08-15 |
| CVE-2023-4325 | Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities | 9.8 | - | 2023-08-15 |
| CVE-2023-4329 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute | 8.2 | - | 2023-08-15 |
| CVE-2023-4328 | Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux (CWE-522) | 5.5 | - | 2023-08-15 |
| CVE-2023-4327 | Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux (CWE-522) | 5.5 | - | 2023-08-15 |
| CVE-2023-4337 | Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation | 8.8 | - | 2023-08-15 |
| CVE-2023-4336 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute | 8.2 | - | 2023-08-15 |
| CVE-2023-4335 | Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux | 6.2 | - | 2023-08-15 |
| CVE-2023-4334 | Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | 7.5 | - | 2023-08-15 |
| CVE-2023-4333 | Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server (CWE-326) | 5.5 | - | 2023-08-15 |
| CVE-2023-4332 | Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file (CWE-732) | 7.8 | - | 2023-08-15 |
| CVE-2023-4331 | Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols (CWE-327) | 9.1 | - | 2023-08-15 |
| CVE-2023-4338 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers | 7.6 | - | 2023-08-15 |
| CVE-2023-4341 | Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI | 7.8 | - | 2023-08-15 |
| CVE-2023-4340 | Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file | 7.8 | - | 2023-08-15 |
| CVE-2023-4339 | Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions | 5.5 | - | 2023-08-15 |
| CVE-2023-4343 | Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter | 9.1 | - | 2023-08-15 |
| CVE-2023-4342 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy | 9.8 | - | 2023-08-15 |
| CVE-2023-4344 | Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection (CWE-331) | 5.3 | - | 2023-08-15 |
| CVE-2023-4323 | Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup | 9.8 | - | 2023-08-15 |
| CVE-2023-4345 | Broadcom RAID Controller web interface is vulnerable client-side control bypass | 7.1 | - | 2023-08-15 |
