Broadcom: >> Brocade Sannav >> 1.1.0 Security Vulnerabilities
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-11-21
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-11-21
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a
CVSS Score
5.7
EPSS Score
0.001
Published
2024-11-21
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-11-21
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-11-21
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-05-08
A vulnerability in Brocade SANnav exposes Kafka in the wan interface.
The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.
CVSS Score
7.6
EPSS Score
0.005
Published
2024-04-25
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received
clear text. This could allow an unauthenticated, remote attacker to
capture sensitive information.
CVSS Score
8.6
EPSS Score
0.002
Published
2024-04-25
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-04-25
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.
CVSS Score
7.7
EPSS Score
0.002
Published
2024-04-19
Page 1