CVE-2025-27559

Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...

Broadcom Brocade SANnav 访问控制错误漏洞

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom, Inc. A security vulnerability exists in versions prior to Broadcom Brocade SANnav 2.3.0a that stems from the vulnerability of the PostgreSQL implementation to an incorrect local authentication flaw that allows an attack...

PT-2024-22492 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.0a Description: The PostgreSQL implementation in Brocade SANnav is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where Brocade SANnav is installed can gain access to...

Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

Summary The SANnav Management Portal and Global View products are vulnerable due to a Jave SE issue. The vulnerability has been addressed and can be resolved by applying the SANnav code level listed below. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Jav...

CVE-2024-29964

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files...

CVE-2024-29965

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface "SSH". The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...

CVE-2024-29959

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save...

CVE-2024-29963

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries...

PT-2024-23171 · Brocade · Brocade Sannav Ova

Name of the Vulnerable Software and Affected Versions: Brocade SANnav OVA versions prior to 2.3.1 Brocade SANnav OVA version 2.3.0a Description: The issue is related to an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileg...

PT-2024-23170 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: The issue allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the...

Broadcom Brocade SANnav 日志信息泄露漏洞

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a, which stems from an encryption key being printed in the console when a privileged user executes a script to replace the...

Broadcom Brocade SANnav 安全漏洞

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a, which stems from a Docker instance within the appliance that has an insecure mounting point that allows read and write access to sensiti...

Broadcom Brocade SANnav 日志信息泄露漏洞

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a, which originated from printing the Brocade Fabric OS switch encryption passwords in the support saves of the Brocade SANnav...

PT-2024-7964 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: The issue is related to the backup function in Brocade SANnav, which stores confidential information insecurely. This allows a local attacker to recover backup...

PT-2024-7966 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.0a Description: The issue is related to incorrect permissions set on files, including docker files, in Brocade SANnav. This allows an unprivileged attacker who gains access to the server to read sensitive...

Broadcom Brocade SANnav 日志信息泄露漏洞

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Broadcom Brocade SANnav versions prior to v2.3.1, v2.3.0a, which originates from allowing a privileged user to print SANnav encryption keys in the PostgreSQL startup log...

PT-2024-3803 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: A vulnerability in Brocade SANnav is related to the storage of protected information in unencrypted form. The issue allows an attacker to reveal protected...

PT-2024-4305 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: An information disclosure issue exists in Brocade SANnav when instances are configured in disaster recovery mode, allowing authenticated users to access the...

Optergy Proton/Enterprise Input Validation Error Vulnerability

Optergy Proton/Enterprise is an enterprise building management system from Optergy USA. An input validation error vulnerability exists in Optergy Proton/Enterprise versions 2.3.0a and earlier. The vulnerability arises from a network system or product that does not properly validate input data...