brocade 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk input validation、vendor risk cross-site scripting、vendor risk csrf, and バッファオーバーフロー があり、vendor surface production workloads の利用場面で vendor impact memory corruption、vendor impact unexpected behavior, and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-7397 | A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user that can access sensitive information like passwords within the CLI history leading to unauthorized access and potential data breaches. | [email protected] | 6.8 | 0.01% | 2025-07-17 | 2026-02-02 |
| CVE-2022-33186 | A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. | [email protected] | 9.8 | 1.12% | 2022-12-08 | 2026-02-05 |
| CVE-2022-27776 | A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | [email protected] | 6.5 | 0.68% | 2022-06-02 | 2024-11-21 |
| CVE-2022-27775 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. | [email protected] | 7.5 | 0.15% | 2022-06-02 | 2026-05-27 |
| CVE-2022-27774 | An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | [email protected] | 5.7 | 0.29% | 2022-06-02 | 2026-05-27 |
| CVE-2022-22576 | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). | [email protected] | 8.1 | 0.34% | 2022-05-26 | 2026-05-27 |
| CVE-2022-28161 | An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. | [email protected] | 5.5 | 0.06% | 2022-05-09 | 2024-11-21 |
| CVE-2021-22555 KEV | A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space | [email protected] | 8.3 | 85.24% | 2021-07-07 | 2025-10-27 |
| CVE-2020-13632 | ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | [email protected] | 5.5 | 0.03% | 2020-05-27 | 2024-11-21 |
| CVE-2020-13631 | SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | [email protected] | 5.5 | 0.05% | 2020-05-27 | 2024-11-21 |
| CVE-2020-13630 | ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | [email protected] | 7.0 | 0.07% | 2020-05-27 | 2024-11-21 |
| CVE-2018-6445 | A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords. | [email protected] | 7.5 | 0.55% | 2019-01-22 | 2024-11-21 |
| CVE-2018-6444 | A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands. | [email protected] | 9.8 | 2.15% | 2019-01-22 | 2024-11-21 |
| CVE-2018-6443 | A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console. | [email protected] | 8.1 | 7.54% | 2019-01-22 | 2024-11-21 |
| CVE-2017-6227 | A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. | [email protected] | 6.5 | 0.08% | 2018-02-08 | 2024-11-21 |
| CVE-2017-6225 | Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. | [email protected] | 6.1 | 0.38% | 2018-02-08 | 2024-11-21 |
| CVE-2016-8209 | Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module. | [email protected] | 7.5 | 0.47% | 2017-05-08 | 2026-05-13 |
| CVE-2016-8207 | A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. | [email protected] | 7.5 | 5.09% | 2017-01-14 | 2026-05-13 |
| CVE-2016-8206 | A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. | [email protected] | 7.5 | 10.38% | 2017-01-14 | 2026-05-13 |
| CVE-2016-8205 | A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | [email protected] | 9.8 | 24.06% | 2017-01-14 | 2026-05-13 |