Vulnerabilities > Broadcom > Brocade Sannav > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-3596 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | 9.0 |
| 2024-04-25 | CVE-2024-4173 | Unspecified vulnerability in Broadcom Brocade Sannav A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. | 9.8 |
| 2024-04-19 | CVE-2024-29966 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. | 9.8 |
| 2023-08-31 | CVE-2023-31424 | Unspecified vulnerability in Broadcom Brocade Sannav Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. | 9.8 |
| 2022-01-18 | CVE-2022-23305 | SQL Injection vulnerability in multiple products By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. | 9.8 |
| 2020-09-25 | CVE-2019-16211 | Insufficiently Protected Credentials vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1/2.0 Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability. | 9.8 |