Filtered by vendor Broadcom
Subscriptions
Filtered by product Brocade Sannav
Subscriptions
Total
49 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-6392 | 1 Broadcom | 1 Brocade Sannav | 2025-07-15 | N/A |
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | ||||
CVE-2025-6390 | 1 Broadcom | 1 Brocade Sannav | 2025-07-15 | N/A |
Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | ||||
CVE-2025-4662 | 1 Broadcom | 1 Brocade Sannav | 2025-07-15 | N/A |
Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | ||||
CVE-2022-23302 | 6 Apache, Broadcom, Netapp and 3 more | 44 Log4j, Brocade Sannav, Snapmanager and 41 more | 2025-07-07 | 8.8 High |
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||
CVE-2024-3596 | 5 Broadcom, Freeradius, Ietf and 2 more | 12 Brocade Sannav, Fabric Operating System, Freeradius and 9 more | 2025-05-01 | 9 Critical |
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | ||||
CVE-2022-33187 | 1 Broadcom | 1 Brocade Sannav | 2025-04-22 | 5.5 Medium |
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. | ||||
CVE-2024-2859 | 1 Broadcom | 1 Brocade Sannav | 2025-03-19 | 6.8 Medium |
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. | ||||
CVE-2023-31424 | 1 Broadcom | 1 Brocade Sannav | 2025-02-13 | 8.1 High |
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. | ||||
CVE-2023-31423 | 1 Broadcom | 1 Brocade Sannav | 2025-02-13 | 5.7 Medium |
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs. | ||||
CVE-2024-2860 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | 7.8 High |
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. | ||||
CVE-2024-4173 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | 7.6 High |
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. | ||||
CVE-2024-4161 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | 8.6 High |
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information. | ||||
CVE-2024-4159 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | 4.3 Medium |
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information. | ||||
CVE-2022-43936 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 6.8 Medium |
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. | ||||
CVE-2022-43937 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.7 Medium |
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a | ||||
CVE-2022-43935 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.3 Medium |
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. | ||||
CVE-2022-43934 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 6.5 Medium |
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. | ||||
CVE-2022-43933 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 4.4 Medium |
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys. | ||||
CVE-2024-29955 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5 Medium |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | ||||
CVE-2024-29952 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.5 Medium |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. |