Vulnerabilities > Broadcom > Brocade Sannav > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-18 | CVE-2022-23302 | Deserialization of Untrusted Data vulnerability in multiple products JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. | 8.8 |
2021-06-09 | CVE-2020-15379 | Improper Input Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1/2.0 Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. | 7.5 |
2021-06-09 | CVE-2020-15387 | Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav and Fabric Operating System The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. | 7.4 |
2021-06-09 | CVE-2020-15382 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. | 7.2 |
2020-09-25 | CVE-2019-16212 | Unspecified vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1/2.0 A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. | 8.8 |
2019-11-08 | CVE-2019-16209 | Improper Certificate Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1 A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. | 7.4 |
2019-11-08 | CVE-2019-16208 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1 Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.). | 7.5 |
2019-11-08 | CVE-2019-16207 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1 Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. | 7.8 |
2019-11-08 | CVE-2019-16205 | Use of Insufficiently Random Values vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1 A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. | 8.8 |