CVE-2023-4329

Description

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

Affected products

• Broadcom / LSI Storage Authority (LSA)0 – 7.017.011.000
• Intel / RAID Web Console 3 (RWC3)0 – 7.017.011.000

References

• MISChttps://www.broadcom.com/support/resources/product-security-center