Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.
9.8CVSS
9.4AI Score
0.002EPSS
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings int...
9.8CVSS
9.4AI Score
0.004EPSS
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2aallows remote unauthenticated users to bypass web authentication andauthorization.
9.8CVSS
9.6AI Score
0.004EPSS