Broadcom: >> Brocade Sannav >> 1.1.1 Security Vulnerabilities
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-06-09
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
CVSS Score
7.4
EPSS Score
0.001
Published
2021-06-09
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.
CVSS Score
7.2
EPSS Score
0.003
Published
2021-06-09
Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-09-25
A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-09-25
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-11-08
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-11-08
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-11-08
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
CVSS Score
7.5
EPSS Score
0.001
Published
2019-11-08
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.
CVSS Score
7.4
EPSS Score
0.002
Published
2019-11-08