Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sannav
(Broadcom)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-06-27 | CVE-2022-28167 | Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | Sannav | 6.5 | ||
| 2021-06-09 | CVE-2020-15385 | Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission. | Sannav | 5.4 | ||
| 2022-06-27 | CVE-2022-28168 | In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | Sannav | 7.5 | ||
| 2022-05-09 | CVE-2022-28162 | Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. | Sannav | 3.3 | ||
| 2022-05-06 | CVE-2022-28163 | In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. | Sannav | 9.8 | ||
| 2021-06-09 | CVE-2020-15381 | Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. | Sannav | 7.5 | ||
| 2021-06-09 | CVE-2020-15377 | Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | Sannav | 9.8 | ||
| 2021-06-09 | CVE-2020-15378 | The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. | Sannav | 5.3 | ||
| 2021-06-09 | CVE-2020-15380 | Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | Sannav | 7.5 | ||
| 2021-06-09 | CVE-2020-15384 | Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header. | Sannav | 5.3 |