CVE-2022-0155: Exposure of Private Personal Information to an Unauthorized Actor

Brocade Fabric OS

21244

01 August 2023

13 September 2022

CLOSED

LOW

Base Score: 8.0 - HIGH - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

N/A

CVE-2022-0155

Summary

Security Advisory ID: BSA-2022-1676

Component: Follow-Redirects

Revision: 2.0

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor.

Notes:

Brocade Fabric OS does not use cookies; however, Brocade Fabric OS versions after v9.0.0 and before v9.1.1 do contain the vulnerable component.

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.

Solution

Although Brocade Fabric OS is not exploitable, a security update is provided in Brocade Fabric OS v9.1.1 and v9.2.0 to remove the vulnerable components from the FOS binary.

Revision History

| Version | Change | Date |
|---------|--------|------|
| 1.0 | Initial Publication | Sept 13, 2022 |
| 2.0 | Updated Solution to show an additional update delivered in v9.1.1 and v9.2.0 to fully remove the unused vulnerable component from security scan detection | August 1, 2023 |