2.2.0.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

broadcom

CWE-922

NVD

Published: 2022-06-27

Updated: 2022-07-07

Summary

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.

Vulnerable Configurations

Part	Description	Count
Application	Broadcom Broadcom Sannav 2.2.0.0 Broadcom Sannav - Broadcom Sannav 2.1.0 Broadcom Sannav 2.1.1	4

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1979
https://security.netapp.com/advisory/ntap-20220627-0003/