An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 18 Sep 2024 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 |
Wed, 18 Sep 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents. | An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents. |
Weaknesses | CWE-922 |
MITRE
Status: PUBLISHED
Assigner: brocade
Published: 2024-04-19T05:17:57.502Z
Updated: 2024-09-18T22:32:12.764Z
Reserved: 2024-03-22T05:32:26.687Z
Link: CVE-2024-29968
Vulnrichment
Updated: 2024-08-02T01:17:58.610Z
NVD
Status : Awaiting Analysis
Published: 2024-04-19T06:15:06.497
Modified: 2024-09-18T23:15:11.427
Link: CVE-2024-29968
Redhat
No data.