Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Brocade_sannav
(Broadcom)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 43 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-08 | CVE-2024-2860 | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. | Brocade_sannav | 7.8 | ||
| 2024-04-17 | CVE-2024-29950 | The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack. | Brocade_sannav | 5.9 | ||
| 2024-04-17 | CVE-2024-29951 | Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. | Brocade_sannav | 5.7 | ||
| 2024-04-17 | CVE-2024-29952 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. | Brocade_sannav | 5.5 | ||
| 2024-04-17 | CVE-2024-29955 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | Brocade_sannav | 5.5 | ||
| 2024-04-18 | CVE-2024-29956 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav. | Brocade_sannav | 6.5 | ||
| 2024-04-19 | CVE-2024-29957 | When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | Brocade_sannav | 7.5 | ||
| 2024-04-19 | CVE-2024-29958 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key. | Brocade_sannav | 6.5 | ||
| 2024-04-19 | CVE-2024-29959 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. | Brocade_sannav | 8.6 | ||
| 2024-04-19 | CVE-2024-29960 | In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav. | Brocade_sannav | 7.5 |