Vulnerabilities > Broadcom > Brocade Sannav > 2.2.2a

DATE CVE VULNERABILITY TITLE RISK
2024-05-08 CVE-2024-2860 Missing Authentication for Critical Function vulnerability in Broadcom Brocade Sannav
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw.
local
low complexity
broadcom CWE-306
7.8
7.8
2024-04-25 CVE-2024-4159 Unspecified vulnerability in Broadcom Brocade Sannav
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.
network
low complexity
broadcom
5.3
5.3
2024-04-25 CVE-2024-4161 Cleartext Transmission of Sensitive Information vulnerability in Broadcom Brocade Sannav
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text.
network
low complexity
broadcom CWE-319
7.5
7.5
2024-04-19 CVE-2024-29968 Insecure Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode.
network
low complexity
broadcom CWE-922
6.5
6.5
2024-04-19 CVE-2024-29969 Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav 2.2.2/2.2.2A/2.3.0
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.
network
low complexity
broadcom CWE-326
7.5
7.5
2024-04-19 CVE-2024-29962 Incorrect Default Permissions vulnerability in Broadcom Brocade Sannav
Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable.
local
low complexity
broadcom CWE-276
5.5
5.5
2024-04-19 CVE-2024-29964 Incorrect Permission Assignment for Critical Resource vulnerability in Broadcom Brocade Sannav
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files.
network
low complexity
broadcom CWE-732
6.5
6.5
2024-04-19 CVE-2024-29965 Insecure Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH").
local
low complexity
broadcom CWE-922
5.9
5.9
2024-04-19 CVE-2024-29966 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password.
network
low complexity
broadcom CWE-798
critical
 9.8
9.8
2024-04-19 CVE-2024-29967 Incorrect Default Permissions vulnerability in Broadcom Brocade Sannav
In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files.
local
low complexity
broadcom CWE-276
6.0
6.0