Insecure Default HTTP Configuration in Broadcom RAID Controller Web Interface Exposes SESSIONID Cookie Vulnerability

CVE-2023-4329 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard the SESSIONID cookie with the SameSite attribute.
