Vulnerabilities > Broadcom > Brocade Sannav

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2019-16212 Unspecified vulnerability in Broadcom Brocade Sannav
A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection.
network
low complexity
broadcom
8.8
2019-11-08 CVE-2019-16210 Missing Encryption of Sensitive Data vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
local
low complexity
broadcom CWE-311
5.5
2019-11-08 CVE-2019-16209 Improper Certificate Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.
network
high complexity
broadcom CWE-295
7.4
2019-11-08 CVE-2019-16208 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
network
low complexity
broadcom CWE-327
7.5
2019-11-08 CVE-2019-16207 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
local
low complexity
broadcom CWE-798
7.8
2019-11-08 CVE-2019-16206 Missing Encryption of Sensitive Data vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.
local
low complexity
broadcom CWE-311
5.5
2019-11-08 CVE-2019-16205 Use of Insufficiently Random Values vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID.
network
low complexity
broadcom CWE-330
8.8