Vulnerabilities > Broadcom > Brocade Sannav

DATE CVE VULNERABILITY TITLE RISK
2023-08-31 CVE-2023-31423 Cleartext Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a.
local
low complexity
broadcom CWE-312
5.5
2023-08-31 CVE-2023-31424 Unspecified vulnerability in Broadcom Brocade Sannav
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.
network
low complexity
broadcom
critical
9.8
2023-08-31 CVE-2023-31925 Cleartext Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext.
network
low complexity
broadcom CWE-312
6.5
2022-12-09 CVE-2022-33187 Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs.
network
low complexity
broadcom CWE-532
4.9
2022-01-18 CVE-2022-23302 Deserialization of Untrusted Data vulnerability in multiple products
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to.
network
low complexity
apache netapp broadcom qos oracle CWE-502
8.8
2022-01-18 CVE-2022-23305 SQL Injection vulnerability in multiple products
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.
network
low complexity
apache netapp broadcom qos oracle CWE-89
critical
9.8
2021-06-09 CVE-2020-15379 Improper Input Validation vulnerability in Broadcom Brocade Sannav
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.
network
low complexity
broadcom CWE-20
7.5
2021-06-09 CVE-2020-15387 Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav and Fabric Operating System
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
network
high complexity
broadcom CWE-326
7.4
2021-06-09 CVE-2020-15382 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.
network
low complexity
broadcom CWE-798
7.2
2020-09-25 CVE-2019-16211 Insufficiently Protected Credentials vulnerability in Broadcom Brocade Sannav
Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.
network
low complexity
broadcom CWE-522
critical
9.8