Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Brocade_sannav
(Broadcom)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 43 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-19 | CVE-2024-29965 | In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches. | Brocade_sannav | 5.9 | ||
| 2024-04-19 | CVE-2024-29966 | Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance. | Brocade_sannav | 9.8 | ||
| 2024-04-19 | CVE-2024-29967 | In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files. | Brocade_sannav | 6.0 | ||
| 2024-04-19 | CVE-2024-29968 | An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents. | Brocade_sannav | 6.5 | ||
| 2024-04-19 | CVE-2024-29969 | When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082. | Brocade_sannav | 7.5 | ||
| 2024-11-21 | CVE-2022-43933 | An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys. | Brocade_sannav | 4.4 | ||
| 2024-11-21 | CVE-2022-43934 | Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. | Brocade_sannav | 7.5 | ||
| 2024-11-21 | CVE-2022-43935 | An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. | Brocade_sannav | 4.4 | ||
| 2024-11-21 | CVE-2022-43936 | Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. | Brocade_sannav | 4.9 | ||
| 2024-11-21 | CVE-2022-43937 | Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a | Brocade_sannav | 5.5 |