Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Brocade_sannav
(Broadcom)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 43 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-31 | CVE-2023-31423 | Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs. | Brocade_sannav | 5.5 | ||
| 2023-08-31 | CVE-2023-31424 | Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. | Brocade_sannav | 9.8 | ||
| 2024-04-25 | CVE-2024-4159 | Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information. | Brocade_sannav | 5.3 | ||
| 2024-04-25 | CVE-2024-4161 | In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information. | Brocade_sannav | 7.5 | ||
| 2024-04-25 | CVE-2024-4173 | A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. | Brocade_sannav | 9.8 | ||
| 2024-05-08 | CVE-2024-2860 | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. | Brocade_sannav | 7.8 | ||
| 2024-04-17 | CVE-2024-29950 | The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack. | Brocade_sannav | 5.9 | ||
| 2024-04-17 | CVE-2024-29951 | Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. | Brocade_sannav | 5.7 | ||
| 2024-04-17 | CVE-2024-29952 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. | Brocade_sannav | 5.5 | ||
| 2024-04-17 | CVE-2024-29955 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | Brocade_sannav | 5.5 |