SANnav Security Vulnerabilities


CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL...

CVSS 7.8 | AI Score 6.7 | EPSS 0.0004

2024-05-08 02:15 AM

CVE-2024-2859

By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root...

CVSS 6.8 | AI Score 7.1 | EPSS 0.0004

2024-04-27 12:15 AM

CVE-2024-4173

A vulnerability in Brocade SANnav exposes Kafka on the WAN interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DoS against the Brocade...

CVSS 7.6 | AI Score 6.8 | EPSS 0.0004

2024-04-25 08:15 AM

CVE-2024-4161

In Brocade SANnav before Brocade SANnav v2.3.0, syslog traffic is received in clear text. This could allow an unauthenticated, remote attacker to capture sensitive...

CVSS 8.6 | AI Score 6.8 | EPSS 0.0004

2024-04-25 06:16 AM

CVE-2024-4159

Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker...

CVSS 4.3 | AI Score 6.9 | EPSS 0.0004

2024-04-25 06:16 AM

CVE-2024-29969

When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port...

CVSS 7.5 | AI Score 7.1 | EPSS 0.0004

2024-04-19 06:15 AM

CVE-2024-29968

An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access.....

CVSS 7.7 | AI Score 6.6 | EPSS 0.0004

2024-04-19 06:15 AM

CVE-2024-29964

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these...

CVSS 5.7 | AI Score 6.2 | EPSS 0.0004

2024-04-19 05:15 AM

CVE-2024-29966

Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav...

CVSS 7.5 | AI Score 8.5 | EPSS 0.0004

2024-04-19 05:15 AM

CVE-2024-29967

In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to.....

CVSS 4.4 | AI Score 6.4 | EPSS 0.0004

2024-04-19 05:15 AM

CVE-2024-29965

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...

CVSS 6.8 | AI Score 6.7 | EPSS 0.0004

2024-04-19 05:15 AM

CVE-2024-29962

Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java...

CVSS 5.5 | AI Score 6.2 | EPSS 0.0004

2024-04-19 05:15 AM

CVE-2024-29961

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the...

CVSS 8.2 | AI Score 8.5 | EPSS 0.0004

2024-04-19 04:15 AM

CVE-2024-29959

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support...

CVSS 8.6 | AI Score 6.8 | EPSS 0.0004

2024-04-19 04:15 AM

CVE-2024-29963

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker...

CVSS 1.9 | AI Score 8.5 | EPSS 0.0004

2024-04-19 04:15 AM

CVE-2024-29960

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the...

CVSS 6.8 | AI Score 8.4 | EPSS 0.0004

2024-04-19 04:15 AM

CVE-2024-29957

When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption...

CVSS 7.5 | AI Score 6.4 | EPSS 0.0004

2024-04-19 04:15 AM

CVE-2024-29958

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption.....

CVSS 7.5 | AI Score 6.5 | EPSS 0.0004

2024-04-19 04:15 AM

CVE-2024-29956

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade...

CVSS 6.5 | AI Score 6.9 | EPSS 0.0004

2024-04-18 02:15 AM

CVE-2024-29952

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command...

CVSS 5.5 | AI Score 6.6 | EPSS 0.0004

2024-04-17 10:15 PM

CVE-2024-29955

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption...

CVSS 5 | AI Score 6.5 | EPSS 0.0004

2024-04-17 10:15 PM

CVE-2024-29951

Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote...

CVSS 5.7 | AI Score 6.8 | EPSS 0.0004

2024-04-17 08:15 PM

CVE-2024-29950

The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle...

CVSS 7.5 | AI Score 6.7 | EPSS 0.0004

2024-04-17 07:15 PM

CVE-2023-31424

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and ...

CVSS 9.8 | AI Score 9.6 | EPSS 0.002

2023-08-31 01:15 AM

CVE-2023-31925

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP...

CVSS 6.5 | AI Score 6.4 | EPSS 0.0005

2023-08-31 01:15 AM

CVE-2023-31423

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav...

CVSS 5.7 | AI Score 5.2 | EPSS 0.0004

2023-08-31 01:15 AM

CVE-2022-33187

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive...

CVSS 5.5 | AI Score 5 | EPSS 0.001

2022-12-09 02:15 AM

CVE-2022-28166

In Brocade SANnav versions before SANN2.2.0.2 and Brocade SANnav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 &...

CVSS 7.5 | AI Score 7.6 | EPSS 0.002

2022-06-27 06:15 PM

CVE-2022-28167

Brocade SANnav before Brocade SANnav v. 2.2.0.2 and Brocade SANnav v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in...

CVSS 6.5 | AI Score 6.6 | EPSS 0.001

2022-06-27 06:15 PM

CVE-2022-28168

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav 2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the...

CVSS 7.5 | AI Score 7.4 | EPSS 0.002

2022-06-27 06:15 PM

CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there....

CVSS 9.8 | AI Score 10 | EPSS 0.106

2022-06-21 03:15 PM

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANnav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as SSH passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to....

CVSS 5.5 | AI Score 5.1 | EPSS 0.0004

2022-05-09 05:15 PM

CVE-2022-28162

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain...

CVSS 3.3 | AI Score 4.3 | EPSS 0.0004

2022-05-09 05:15 PM

CVE-2022-28165

A vulnerability in the role-based access control (RBAC) functionality of Brocade SANnav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists...

CVSS 8.8 | AI Score 8.5 | EPSS 0.002

2022-05-06 05:15 PM

CVE-2022-28163

In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL...

CVSS 9.8 | AI Score 9.5 | EPSS 0.001

2022-05-06 04:15 PM

CVE-2022-28164

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001

2022-05-06 04:15 PM

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

CVSS 9.8 | AI Score 9.4 | EPSS 0.004

2022-01-18 04:15 PM

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

CVSS 8.8 | AI Score 8.9 | EPSS 0.127

2022-01-18 04:15 PM

CVE-2020-15379

Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data as name for custom field...

CVSS 7.5 | AI Score 7.5 | EPSS 0.002

2021-06-09 04:15 PM

CVE-2020-15385

Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without...

CVSS 5.4 | AI Score 5.3 | EPSS 0.001

2021-06-09 04:15 PM

CVE-2020-15384

Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response...

CVSS 5.3 | AI Score 5.1 | EPSS 0.001

2021-06-09 04:15 PM

CVE-2020-15377

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery...

CVSS 9.8 | AI Score 9.3 | EPSS 0.002

2021-06-09 04:15 PM

CVE-2020-15380

Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging...

CVSS 7.5 | AI Score 7.5 | EPSS 0.002

2021-06-09 04:15 PM

CVE-2020-15378

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack...

CVSS 5.3 | AI Score 5.3 | EPSS 0.001

2021-06-09 04:15 PM

CVE-2020-15387

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH...

CVSS 7.4 | AI Score 7.3 | EPSS 0.001

2021-06-09 04:15 PM

CVE-2020-15381

Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx...

CVSS 7.5 | AI Score 7.7 | EPSS 0.002

2021-06-09 03:15 PM

CVE-2020-15382

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at...

CVSS 7.2 | AI Score 7.1 | EPSS 0.001

2021-06-09 03:15 PM

CVE-2019-16211

Brocade SANnav versions before v2.1.0 contain a Plaintext Password Storage...

CVSS 9.8 | AI Score 9.4 | EPSS 0.002

2020-09-25 02:15 PM

CVE-2019-16212

A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication...

CVSS 8.8 | AI Score 9.1 | EPSS 0.002

2020-09-25 02:15 PM

CVE-2020-13401

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of...

CVSS 6 | AI Score 6 | EPSS 0.002

2020-06-02 02:15 PM
Total number of security vulnerabilities: 56