20 matches found
CVE-2022-2068
The Connected documents corroborate CVE-2022-2068 as a real OpenSSL issue: c_rehash can pass certificate filenames to shell commands, enabling local command execution. Fixed in OpenSSL 3.0.4 (affecting 3.0.0–3.0.3), in OpenSSL 1.1.1p (affecting 1.1.1–1.1.1o), and in OpenSSL 1.0.2zf (affecting 1.0...
CVE-2022-28162
CVE-2022-28162 affects Brocade SANnav before version 2.2.0. The root cause is logging the REST API authentication token in plain text, potentially exposing credentials. Affected products are Brocade SANnav deployments prior to 2.2.0. Remediation is to upgrade to SANnav 2.2.0 or later (per the Bro...
CVE-2020-13401
Docker Engine vulnerability CVE-2020-13401: before 19.03.11, a container process with CAP_NET_RAW can craft IPv6 router advertisements via the bridge/network setup, enabling spoofing of external IPv6 hosts, potential information disclosure, or denial of service. Several connected advisories confi...
CVE-2022-28166
In Brocade SANnav, versions prior to SANN2.2.0.2 and prior to 2.1.1.8 expose TLS/SSL servers that support static key ciphers on ports 443 and 18082. Root cause: use of static key ciphers in the TLS/SSL server implementation. Impact: potential partial confidentiality disclosure; no data integrity ...
CVE-2022-28163
CVE-2022-28163 concerns Brocade SANnav before version 2.2.0. The connected sources confirm a SQL injection vulnerability in multiple endpoints related to Zone Management, allowing an attacker to execute arbitrary SQL commands. The root cause is insecure handling of inputs in the Zone Management e...
CVE-2022-28168
The CVE affects Brocade SANnav before versions v2.2.0.2 and v2.1.1.8. Root cause: SCP-server passwords are stored with Base64 encoding, which is not secure and could be decoded by someone with access to log files. Impact: authoritatively, exposed credentials in logs; practical risk is partial con...
CVE-2022-28165
CVE-2022-28165 describes a privilege escalation/ unauthorized access vulnerability in the RBAC implementation of Brocade SANnav prior to version 2.2.0. The issue arises because server-side permission checks are not consistently enforced before processing requests, enabling an authenticated remote...
CVE-2022-28164
CVE-2022-28164 affects Broadcom/Brocade SANnav prior to version 2.2.0. The issue arises from using the Blowfish symmetric encryption algorithm to store passwords, which could allow an authenticated attacker to decrypt stored account passwords. The advisory records remediation: upgrade to SANnav 2...
CVE-2022-28167
Brocade SANnav modules vulnerable to CVE-2022-28167: SANnav before v2.2.0.2 and before v2.1.1.8 log the Fabric OS switch password in plain text to asyncjobscheduler-manager.log. Root cause: sensitive credentials stored in logs, enabling potential disclosure. Affected products/versions: Brocade SA...
CVE-2020-15381
CVE-2020-15381 affects Brocade SANnav before version 2.1.1, where an Improper Authentication vulnerability allows cleartext transmission of authentication credentials for the JMX server. The issue is documented across multiple sources (NVD, Red Hat, Broadcom advisory BSA-2021-1483) and is specifi...
CVE-2020-15378
CVE-2020-15378 affects the OVA version of Broadcom/Brocade SANnav prior to 2.1.1 when IPv6 networking is enabled. The issue exposes docker container ports to the network, expanding the attack surface. According to BSA-2021-1481, IPv6 networking exposure occurs during installation or via the chang...
CVE-2020-15377
CVE-2020-15377 affects Broadcom/Brocade SANnav Webtools before version 2.1.1, where a misconfiguration enables unauthenticated SSRF to arbitrary hosts. The vulnerability arises from Webtools functionality that allows outgoing requests to external addresses, enabling an attacker to trigger request...
CVE-2020-15380
Brocade SANnav before version 2.1.1 logs account credentials at the trace logging level, exposing sensitive information. Affected product: Broadcom/Brocade SANnav prior to 2.1.1. Root cause: verbose logging of credentials. Impact: credential exposure risk; no exploitation details are provided in ...
CVE-2020-15385
CVE-2020-15385 – Brocade SANnav prior to 2.1.1 : An authenticated attacker can list directories and files without permission, leaking folders and hidden files and enabling creation of directories. Connected documents confirm the issue affects SANnav versions before 2.1.1 and describe the root cau...
CVE-2020-15384
The CVE-2020-15384 entry concerns Brocade SANnav prior to version 2.1.1, which contains an information disclosure vulnerability. Exploitation concerns the exposure of internal server information in the initial login response header. Affected product: Brocade SANnav before 2.1.1. Root cause: infor...
CVE-2025-12680
CVE-2025-12680 affects Brocade SANnav prior to version 2.4.0b. In the event of disaster-recovery failover, the standby SANnav server logs database passwords in clear text, enabling a remote authenticated attacker with admin privileges to read the passwords from SANnav logs or the supportsave. The...
CVE-2025-12772
CVE-2025-12772 affects Brocade SANnav before 2.4.0b. The issue arises when an OOM condition causes a heap dump to include the switch admin password in plaintext within SANnav support logs. This could allow a remote authenticated attacker with admin privileges to read the password from logs or the...
CVE-2025-12773
CVE-2025-12773 involves a vulnerability in the Brocade SANnav product where the script update-reports-purge-settings.sh logs can include the SANnav database password in system audit logs on versions before 2.4.0a. The issue allows a remote authenticated attacker with audit-log access to retrieve ...
CVE-2025-12679
CVE-2025-12679 affects Brocade SANnav prior to 2.4.0b and 3.0.0, where during migration the Password-Based Encryption (PBE) key is logged in plaintext to the system audit logs. An attacker with local access to these logs (audit logs on the host server, visible only to privileged users) could retr...
CVE-2025-12774
The CVE-2025-12774 issue affects Brocade SANnav prior to version 3.0, caused by a vulnerability in the migration script. The flaw can enable collection of database SQL queries from the SANnav support save file, allowing an attacker who has access to that file to open it and extract sensitive info...