HIGH🇬🇧 English

CVE-2024-1509

CVSS 7.6v4.0pub. 2025-02-28upd. 2026-04-06

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

oryginał EN
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Broadcom Brocade Active Support Connectivity Gateway

    APP
    Broadcom
    ≤ 3.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-0869HIGH8.3ten sam produkt

Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations relate...

CVE-2025-6391HIGH7.1ten sam produkt

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files ...

CVE-2025-7398HIGH8.6ten sam produkt

Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports port...

CVE-2021-40438CRITICAL9.0⚠ KEVten sam vendor

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2018-1273CRITICAL9.8⚠ KEVten sam vendor

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...

CVE-2024-1509 — HIGH 7.6 | CVEbaza.pl