| CVE-2025-7398 | Cri | 0.59 | 9.1 | 0.00 | | Jul 17, 2025 | Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036. |
| CVE-2025-6391 | Cri | 0.59 | 9.1 | 0.00 | | Jul 17, 2025 | Brocade ASCG before 3.3.0 logs JSON
Web Tokens (JWT) in log files. An attacker with access to the log files
can withdraw the unencrypted tokens with security implications, such as
unauthorized access, session hijacking, and information disclosure. |
| CVE-2024-1509 | Cri | 0.59 | 9.1 | 0.00 | | Feb 28, 2025 | Brocade ASCG before 3.2.0 Web Interface is not
enforcing HSTS, as defined by RFC 6797. HSTS is an optional response
header that can be configured on the server to instruct the browser to
only communicate via HTTPS. The lack of HSTS allows downgrade attacks,
SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking
protections. |
