Broadcom: >> Brocade Sannav >> 2.2.2 Security Vulnerabilities
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a
CVSS Score
5.7
EPSS Score
0.001
Published
2024-11-21
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-05-08
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received
clear text. This could allow an unauthenticated, remote attacker to
capture sensitive information.
CVSS Score
8.6
EPSS Score
0.002
Published
2024-04-25
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-04-25
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-19
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.
CVSS Score
7.7
EPSS Score
0.002
Published
2024-04-19
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.
CVSS Score
5.7
EPSS Score
0.001
Published
2024-04-19
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-04-19
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-04-19
In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-04-19
Page 1