Vulnerabilities > Broadcom > Brocade Sannav > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-31 CVE-2023-31423 Cleartext Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a.
local
low complexity
broadcom CWE-312
5.5
2023-08-31 CVE-2023-31925 Cleartext Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext.
network
low complexity
broadcom CWE-312
6.5
2022-12-09 CVE-2022-33187 Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs.
network
low complexity
broadcom CWE-532
4.9
2021-06-09 CVE-2020-15379 Improper Input Validation vulnerability in Broadcom Brocade Sannav
Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data used as the name of a custom field.
network
low complexity
broadcom CWE-20
5.0
2021-06-09 CVE-2020-15387 Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav and Fabric Operating System
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
network
broadcom CWE-326
5.8
2021-06-09 CVE-2020-15382 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.
network
low complexity
broadcom CWE-798
6.5
2019-11-08 CVE-2019-16209 Improper Certificate Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections.
network
broadcom CWE-295
5.8
2019-11-08 CVE-2019-16208 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (RADIUS, TACACS, etc.).
network
low complexity
broadcom CWE-327
5.0
2019-11-08 CVE-2019-16207 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
local
low complexity
broadcom CWE-798
4.6
2019-11-08 CVE-2019-16205 Use of Insufficiently Random Values vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
A vulnerability in Brocade SANnav versions before v2.0 could allow remote attackers to brute-force a valid session ID.
network
broadcom CWE-330
4.3