Brocade Sannav Security Vulnerabilities and Issues — Brocade Sannav CVE List

Lucene search

BroadcomBrocade Sannav

6 matches found

CVE•added 2019/11/08 6:15 p.m.•63 views

CVE-2019-16207

Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.

7.8CVSS7.4AI score0.00044EPSS

CVE•added 2019/11/08 6:15 p.m.•62 views

CVE-2019-16206

The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2019/11/08 6:15 p.m.•50 views

CVE-2019-16205

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.

8.8CVSS8.5AI score0.00352EPSS

CVE•added 2019/11/08 6:15 p.m.•43 views

CVE-2019-16208

Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).

7.5CVSS7.4AI score0.00081EPSS

CVE•added 2019/11/08 6:15 p.m.•43 views

CVE-2019-16210

Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.

5.5CVSS5.6AI score0.00028EPSS

CVE•added 2019/11/08 6:15 p.m.•36 views

CVE-2019-16209

A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.

7.4CVSS7.2AI score0.00215EPSS