Brocade Sannav Security Vulnerabilities and Issues — Brocade Sannav CVE List

Lucene search

BroadcomBrocade Sannav

11 matches found

CVE•added 2024/11/21 11:15 a.m.•85 views

CVE-2022-43937

Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a

5.7CVSS5.5AI score0.00055EPSS

CVE•added 2024/04/25 6:16 a.m.•77 views

CVE-2024-4159

Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.

5.3CVSS6.9AI score0.00263EPSS

CVE•added 2022/12/09 2:15 a.m.•63 views

CVE-2022-33187

Brocade SANnav before v2.2.1 logs usernames and encoded passwords indebug-enabled logs. The vulnerability could allow an attacker with adminprivilege to read sensitive information.

5.5CVSS5AI score0.00137EPSS

CVE•added 2019/11/08 6:15 p.m.•62 views

CVE-2019-16206

The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2024/11/21 11:15 a.m.•59 views

CVE-2022-43935

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.

5.3CVSS5.1AI score0.0003EPSS

CVE•added 2024/04/17 10:15 p.m.•57 views

CVE-2024-29952

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.

5.5CVSS6.6AI score0.00046EPSS

CVE•added 2024/04/19 5:15 a.m.•53 views

CVE-2024-29962

Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary.

5.5CVSS6.2AI score0.00067EPSS

CVE•added 2024/04/17 10:15 p.m.•47 views

CVE-2024-29955

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs.This could provide attackers with an additional, less-protected path to acquiring the encryption key.

5.5CVSS6.5AI score0.00091EPSS

CVE•added 2024/04/17 8:15 p.m.•46 views

CVE-2024-29951

Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.

5.7CVSS6.8AI score0.0005EPSS

CVE•added 2019/11/08 6:15 p.m.•43 views

CVE-2019-16210

Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.

5.5CVSS5.6AI score0.00028EPSS

CVE•added 2023/08/31 1:15 a.m.•35 views

CVE-2023-31423

Possibleinformation exposure through log file vulnerability where sensitivefields are recorded in the configuration log without masking on BrocadeSANnav before v2.3.0 and 2.2.2a. Notes:To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave"output...

5.7CVSS5.3AI score0.00055EPSS