Vulnerabilities > Broadcom > Brocade Sannav > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-21 | CVE-2022-43934 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Brocade Sannav Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. | 7.5 |
| 2024-05-08 | CVE-2024-2860 | Missing Authentication for Critical Function vulnerability in Broadcom Brocade Sannav The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. | 7.8 |
| 2024-04-25 | CVE-2024-4161 | Cleartext Transmission of Sensitive Information vulnerability in Broadcom Brocade Sannav In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. | 7.5 |
| 2024-04-19 | CVE-2024-29969 | Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav 2.2.2/2.2.2A/2.3.0 When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082. | 7.5 |
| 2024-04-19 | CVE-2024-29957 | Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. | 7.5 |
| 2024-04-19 | CVE-2024-29959 | Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. | 8.6 |
| 2024-04-19 | CVE-2024-29960 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. | 7.5 |
| 2024-04-19 | CVE-2024-29961 | Unspecified vulnerability in Broadcom Brocade Sannav A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. | 8.2 |
| 2022-01-18 | CVE-2022-23302 | Deserialization of Untrusted Data vulnerability in multiple products JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. | 8.8 |
| 2021-06-09 | CVE-2020-15379 | Improper Input Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1/2.0 Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. | 7.5 |