Lucene search

BrocadeCVELIST:CVE-2024-29955

HistoryApr 17, 2024 - 10:11 p.m.

CVE-2024-29955 Insertion of Sensitive Information into Brocade SANnav Log File

2024-04-1722:11:51

CWE-532

brocade

www.cve.org

cve-2024-29955

brocade sannav

encryption key

postgresql

vulnerability

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs.
This could provide attackers with an additional, less-protected path to acquiring the encryption key.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Brocade SANnav",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "before v2.3.1 and v2.3.0a"
      }
    ]
  }
]

References

support.broadcom.com/external/content/SecurityAdvisories/0/23239

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-29955