Lucene search
K
BroadcomSannav

20 matches found

CVE
CVE
added 2022/06/21 2:45 p.m.1250 views

CVE-2022-2068

The Connected documents corroborate CVE-2022-2068 as a real OpenSSL issue: c_rehash can pass certificate filenames to shell commands, enabling local command execution. Fixed in OpenSSL 3.0.4 (affecting 3.0.0–3.0.3), in OpenSSL 1.1.1p (affecting 1.1.1–1.1.1o), and in OpenSSL 1.0.2zf (affecting 1.0...

10CVSS9.2AI score0.95764EPSS
CVE
CVE
added 2022/05/09 4:31 p.m.633 views

CVE-2022-28162

CVE-2022-28162 affects Brocade SANnav before version 2.2.0. The root cause is logging the REST API authentication token in plain text, potentially exposing credentials. Affected products are Brocade SANnav deployments prior to 2.2.0. Remediation is to upgrade to SANnav 2.2.0 or later (per the Bro...

3.3CVSS4.3AI score0.0015EPSS
CVE
CVE
added 2020/06/02 1:42 p.m.450 views

CVE-2020-13401

Docker Engine vulnerability CVE-2020-13401: before 19.03.11, a container process with CAP_NET_RAW can craft IPv6 router advertisements via the bridge/network setup, enabling spoofing of external IPv6 hosts, potential information disclosure, or denial of service. Several connected advisories confi...

6CVSS6AI score0.02839EPSS
CVE
CVE
added 2022/06/27 5:51 p.m.114 views

CVE-2022-28166

In Brocade SANnav, versions prior to SANN2.2.0.2 and prior to 2.1.1.8 expose TLS/SSL servers that support static key ciphers on ports 443 and 18082. Root cause: use of static key ciphers in the TLS/SSL server implementation. Impact: potential partial confidentiality disclosure; no data integrity ...

7.5CVSS7.6AI score0.00534EPSS
CVE
CVE
added 2022/05/06 4:1 p.m.78 views

CVE-2022-28163

CVE-2022-28163 concerns Brocade SANnav before version 2.2.0. The connected sources confirm a SQL injection vulnerability in multiple endpoints related to Zone Management, allowing an attacker to execute arbitrary SQL commands. The root cause is insecure handling of inputs in the Zone Management e...

9.8CVSS9.5AI score0.00874EPSS
CVE
CVE
added 2022/06/27 5:52 p.m.72 views

CVE-2022-28168

The CVE affects Brocade SANnav before versions v2.2.0.2 and v2.1.1.8. Root cause: SCP-server passwords are stored with Base64 encoding, which is not secure and could be decoded by someone with access to log files. Impact: authoritatively, exposed credentials in logs; practical risk is partial con...

7.5CVSS7.4AI score0.00874EPSS
CVE
CVE
added 2022/05/06 4:8 p.m.71 views

CVE-2022-28165

CVE-2022-28165 describes a privilege escalation/ unauthorized access vulnerability in the RBAC implementation of Brocade SANnav prior to version 2.2.0. The issue arises because server-side permission checks are not consistently enforced before processing requests, enabling an authenticated remote...

8.8CVSS8.5AI score0.01156EPSS
CVE
CVE
added 2022/05/06 4:1 p.m.70 views

CVE-2022-28164

CVE-2022-28164 affects Broadcom/Brocade SANnav prior to version 2.2.0. The issue arises from using the Blowfish symmetric encryption algorithm to store passwords, which could allow an authenticated attacker to decrypt stored account passwords. The advisory records remediation: upgrade to SANnav 2...

6.5CVSS6.3AI score0.00275EPSS
CVE
CVE
added 2022/06/27 5:51 p.m.70 views

CVE-2022-28167

Brocade SANnav modules vulnerable to CVE-2022-28167: SANnav before v2.2.0.2 and before v2.1.1.8 log the Fabric OS switch password in plain text to asyncjobscheduler-manager.log. Root cause: sensitive credentials stored in logs, enabling potential disclosure. Affected products/versions: Brocade SA...

6.5CVSS6.6AI score0.00619EPSS
CVE
CVE
added 2021/06/09 2:32 p.m.54 views

CVE-2020-15381

CVE-2020-15381 affects Brocade SANnav before version 2.1.1, where an Improper Authentication vulnerability allows cleartext transmission of authentication credentials for the JMX server. The issue is documented across multiple sources (NVD, Red Hat, Broadcom advisory BSA-2021-1483) and is specifi...

7.5CVSS7.7AI score0.01033EPSS
CVE
CVE
added 2021/06/09 3:15 p.m.50 views

CVE-2020-15378

CVE-2020-15378 affects the OVA version of Broadcom/Brocade SANnav prior to 2.1.1 when IPv6 networking is enabled. The issue exposes docker container ports to the network, expanding the attack surface. According to BSA-2021-1481, IPv6 networking exposure occurs during installation or via the chang...

5.3CVSS5.3AI score0.00793EPSS
CVE
CVE
added 2021/06/09 3:15 p.m.48 views

CVE-2020-15377

CVE-2020-15377 affects Broadcom/Brocade SANnav Webtools before version 2.1.1, where a misconfiguration enables unauthenticated SSRF to arbitrary hosts. The vulnerability arises from Webtools functionality that allows outgoing requests to external addresses, enabling an attacker to trigger request...

9.8CVSS9.3AI score0.01156EPSS
CVE
CVE
added 2021/06/09 3:15 p.m.44 views

CVE-2020-15380

Brocade SANnav before version 2.1.1 logs account credentials at the trace logging level, exposing sensitive information. Affected product: Broadcom/Brocade SANnav prior to 2.1.1. Root cause: verbose logging of credentials. Impact: credential exposure risk; no exploitation details are provided in ...

7.5CVSS7.5AI score0.00986EPSS
CVE
CVE
added 2021/06/09 3:42 p.m.43 views

CVE-2020-15385

CVE-2020-15385 – Brocade SANnav prior to 2.1.1 : An authenticated attacker can list directories and files without permission, leaking folders and hidden files and enabling creation of directories. Connected documents confirm the issue affects SANnav versions before 2.1.1 and describe the root cau...

5.5CVSS5.3AI score0.00542EPSS
CVE
CVE
added 2021/06/09 3:42 p.m.42 views

CVE-2020-15384

The CVE-2020-15384 entry concerns Brocade SANnav prior to version 2.1.1, which contains an information disclosure vulnerability. Exploitation concerns the exposure of internal server information in the initial login response header. Affected product: Brocade SANnav before 2.1.1. Root cause: infor...

5.3CVSS5.1AI score0.00506EPSS
CVE
CVE
added 2026/02/02 8:50 p.m.17 views

CVE-2025-12680

CVE-2025-12680 affects Brocade SANnav prior to version 2.4.0b. In the event of disaster-recovery failover, the standby SANnav server logs database passwords in clear text, enabling a remote authenticated attacker with admin privileges to read the passwords from SANnav logs or the supportsave. The...

6CVSS5.4AI score0.00222EPSS
CVE
CVE
added 2026/02/02 10:41 p.m.15 views

CVE-2025-12772

CVE-2025-12772 affects Brocade SANnav before 2.4.0b. The issue arises when an OOM condition causes a heap dump to include the switch admin password in plaintext within SANnav support logs. This could allow a remote authenticated attacker with admin privileges to read the password from logs or the...

8.5CVSS5.5AI score0.00262EPSS
CVE
CVE
added 2026/02/03 12:38 a.m.15 views

CVE-2025-12773

CVE-2025-12773 involves a vulnerability in the Brocade SANnav product where the script update-reports-purge-settings.sh logs can include the SANnav database password in system audit logs on versions before 2.4.0a. The issue allows a remote authenticated attacker with audit-log access to retrieve ...

7.1CVSS5.5AI score0.0033EPSS
CVE
CVE
added 2026/02/02 9:41 p.m.13 views

CVE-2025-12679

CVE-2025-12679 affects Brocade SANnav prior to 2.4.0b and 3.0.0, where during migration the Password-Based Encryption (PBE) key is logged in plaintext to the system audit logs. An attacker with local access to these logs (audit logs on the host server, visible only to privileged users) could retr...

7.1CVSS5.5AI score0.00148EPSS
CVE
CVE
added 2026/02/03 1:28 a.m.13 views

CVE-2025-12774

The CVE-2025-12774 issue affects Brocade SANnav prior to version 3.0, caused by a vulnerability in the migration script. The flaw can enable collection of database SQL queries from the SANnav support save file, allowing an attacker who has access to that file to open it and extract sensitive info...

7.5CVSS5.3AI score0.00178EPSS