Broadcom: >> Brocade Sannav >> 2.3.0 Security Vulnerabilities
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-07-10
Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-07-10
Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file.
These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-07-10
Brocade SANnav before SANnav 2.3.1b
enables weak TLS ciphers on ports 443 and 18082. In case of a successful
exploit, an attacker can read Brocade SANnav data stream that includes
monitored Brocade Fabric OS switches performance data, port status,
zoning information, WWNs, IP Addresses, but no customer data, no
personal data and no secrets or passwords, as it travels across the
network.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-02-15
Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-15
Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-02-14
Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-02-14
CalInvocationHandler in Brocade
SANnav before 2.3.1b logs sensitive information in clear text. The
vulnerability could allow an authenticated, local attacker to view
Brocade Fabric OS switch sensitive information in clear text. An
attacker with administrative privileges could retrieve sensitive
information including passwords; SNMP responses that contain AuthSecret
and PrivSecret after collecting a “supportsave” or getting access to an
already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952
CVSS Score
5.5
EPSS Score
0.0
Published
2025-02-14
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-05-08
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-04-25
Page 1