These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-8207 is a high-severity directory traversal vulnerability in Brocade Network Advisor’s CliMonitorReportServlet. In affected releases up to and including 14.0.2, a remote attacker could read arbitrary files on the server, including files containing sensitive user information.
CVE-2016-8206 is a directory traversal issue in the SoftwareImageUpload servlet of Brocade Network Advisor. According to NVD, affected versions include Brocade Network Advisor through 14.0.2, and the flaw can let remote attackers write to arbitrary files and, as a consequence, delete files. Because the issue is network-reachable and requires no user interaction, it should be treated as a high-priority fix [truncated]
CVE-2016-8205 is a critical directory traversal issue in Brocade Network Advisor’s DashboardFileReceiveServlet. The NVD record says affected versions include those released prior to and including 14.0.2, and that a remote attacker could upload a malicious file into a filesystem location where it can be executed. Because the CVSS vector is network-reachable, requires no privileges, and no user interaction, [truncated]
CVE-2016-8201 describes a cross-site request forgery (CSRF) issue in Brocade Virtual Traffic Manager versions released prior to and including 11.0. In practical terms, an attacker could induce an authenticated user to submit administrative actions against the traffic manager cluster. The NVD record classifies the weakness as CWE-352 and rates it High severity.