Broadcom — Vulnerabilities & Security Advisories (88)

Browse all 88 CVE security advisories affecting Broadcom. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Broadcom operates as a global infrastructure technology leader, specializing in semiconductor and infrastructure software solutions that power critical enterprise networks, data centers, and broadband connectivity. Its extensive product portfolio, including VMware virtualization and network switching hardware, creates a broad attack surface for potential exploitation. Historically, vulnerabilities within its ecosystem have frequently involved remote code execution, buffer overflows, and privilege escalation flaws, often stemming from complex legacy codebases or misconfigured default settings in embedded systems. Notable security incidents have included critical flaws in network management interfaces and firmware components, which could allow attackers to gain unauthorized access or disrupt service availability. With 88 recorded CVEs, the company’s security posture is heavily scrutinized due to the critical nature of its infrastructure role. Continuous patching and rigorous code auditing remain essential to mitigate risks associated with these diverse software and hardware components in high-stakes environments.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-36455 | Symantec Privileged Access Manager Remote Command Execution vulnerability — Symantec Privileged Access Management | 9.8 | - | 2024-07-15 |
| CVE-2024-36459 | Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent — Symantec SiteMinder | 6.1 (AI) | Medium (AI) | 2024-06-14 |
| CVE-2023-4325 | Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities — LSI Storage Authority (LSA) | 9.8 | - | 2023-08-15 |
| CVE-2023-4326 | Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites — LSI Storage Authority (LSA), CWE-327 | 9.1 | - | 2023-08-15 |
| CVE-2023-4324 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers — LSI Storage Authority (LSA) | 9.4 | - | 2023-08-15 |
| CVE-2023-4327 | Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux — LSI Storage Authority (LSA), CWE-522 | 5.5 | - | 2023-08-15 |
| CVE-2023-4328 | Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux — LSI Storage Authority (LSA), CWE-522 | 5.5 | - | 2023-08-15 |
| CVE-2023-4329 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute — LSI Storage Authority (LSA) | 8.2 | - | 2023-08-15 |
| CVE-2023-4331 | Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols — LSI Storage Authority (LSA), CWE-327 | 9.1 | - | 2023-08-15 |
| CVE-2023-4332 | Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file — LSI Storage Authority (LSA), CWE-732 | 7.8 | - | 2023-08-15 |
| CVE-2023-4333 | Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server — LSI Storage Authority (LSA), CWE-326 | 5.5 | - | 2023-08-15 |
| CVE-2023-4334 | Broadcom RAID Controller Web server (nginx) is serving private files without any authentication — LSI Storage Authority (LSA) | 7.5 | - | 2023-08-15 |
| CVE-2023-4335 | Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux — LSI Storage Authority (LSA) | 6.2 | - | 2023-08-15 |
| CVE-2023-4336 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute — LSI Storage Authority (LSA) | 8.2 | - | 2023-08-15 |
| CVE-2023-4337 | Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation — LSI Storage Authority (LSA) | 8.8 | - | 2023-08-15 |
| CVE-2023-4338 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers — LSI Storage Authority (LSA) | 7.6 | - | 2023-08-15 |
| CVE-2023-4341 | Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI — LSI Storage Authority (LSA) | 7.8 | - | 2023-08-15 |
| CVE-2023-4340 | Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file — LSI Storage Authority (LSA) | 7.8 | - | 2023-08-15 |
| CVE-2023-4339 | Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions — LSI Storage Authority (LSA) | 5.5 | - | 2023-08-15 |
| CVE-2023-4342 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy — LSI Storage Authority (LSA) | 9.8 | - | 2023-08-15 |
| CVE-2023-4343 | Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter — LSI Storage Authority (LSA) | 9.1 | - | 2023-08-15 |
| CVE-2023-4344 | Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection — LSI Storage Authority (LSA), CWE-331 | 5.3 | - | 2023-08-15 |
| CVE-2023-4323 | Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup — LSI Storage Authority (LSA) | 9.8 | - | 2023-08-15 |
| CVE-2023-4345 | Broadcom RAID Controller web interface is vulnerable client-side control bypass — LSI Storage Authority (LSA) | 7.1 | - | 2023-08-15 |
| CVE-2019-9502 | Broadcom wl driver is vulnerable to heap buffer overflow — WiFi drivers, CWE-122 | 7.9 | High | 2020-02-03 |
| CVE-2019-9501 | Broadcom wl driver is vulnerable to heap buffer overflow — WiFi drivers, CWE-122 | 7.9 | High | 2020-02-03 |
| CVE-2019-9503 | Broadcom brcmfmac driver is vulnerable to a frame validation bypass — brcmfmac WiFi driver, CWE-20 | 7.9 | High | 2020-01-16 |
| CVE-2019-9500 | Broadcom brcmfmac driver is vulnerable to a heap buffer overflow — brcmfmac WiFi driver, CWE-122 | 7.9 | High | 2020-01-16 |

This page lists every published CVE security advisory associated with Broadcom. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.