Filtered by vendor Broadcom
Subscriptions
Filtered by product Brocade Sannav
Subscriptions
Total
45 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-2860 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | 7.8 High |
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. | ||||
CVE-2024-4173 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | 7.6 High |
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. | ||||
CVE-2024-4161 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | 8.6 High |
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information. | ||||
CVE-2024-4159 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | 4.3 Medium |
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information. | ||||
CVE-2022-43936 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 6.8 Medium |
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. | ||||
CVE-2022-43937 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.7 Medium |
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a | ||||
CVE-2022-43935 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.3 Medium |
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. | ||||
CVE-2022-43934 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 6.5 Medium |
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. | ||||
CVE-2022-43933 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 4.4 Medium |
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys. | ||||
CVE-2024-29955 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5 Medium |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | ||||
CVE-2024-29952 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.5 Medium |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. | ||||
CVE-2024-29951 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.7 Medium |
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. | ||||
CVE-2024-29956 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 6.5 Medium |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav. | ||||
CVE-2024-29957 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 7.5 High |
When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | ||||
CVE-2024-29958 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 7.5 High |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key. | ||||
CVE-2024-29959 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 8.6 High |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. | ||||
CVE-2024-29960 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 6.8 Medium |
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav. | ||||
CVE-2024-29961 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 8.2 High |
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance. | ||||
CVE-2024-29963 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 1.9 Low |
Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries. | ||||
CVE-2024-29962 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.5 Medium |
Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary. |