Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-21 CVE-2022-43934 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Brocade Sannav
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.
network
low complexity
broadcom CWE-327
7.5
2024-11-21 CVE-2024-10403 Files or Directories Accessible to External Parties vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.
network
low complexity
broadcom CWE-552
7.5
2024-11-12 CVE-2024-7516 Missing Authentication for Critical Function vulnerability in Broadcom Fabric Operating System
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.
high complexity
broadcom CWE-306
7.1
2024-06-26 CVE-2024-5460 Use of Hard-coded Credentials vulnerability in Broadcom Fabric Operating System
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP.
network
low complexity
broadcom CWE-798
8.1
2024-05-08 CVE-2024-2860 Missing Authentication for Critical Function vulnerability in Broadcom Brocade Sannav
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw.
local
low complexity
broadcom CWE-306
7.8
2024-04-25 CVE-2024-4161 Cleartext Transmission of Sensitive Information vulnerability in Broadcom Brocade Sannav
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text.
network
low complexity
broadcom CWE-319
7.5
2024-04-19 CVE-2024-29969 Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav 2.2.2/2.2.2A/2.3.0
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.
network
low complexity
broadcom CWE-326
7.5
2024-04-19 CVE-2024-29957 Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav
When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files.
network
low complexity
broadcom CWE-532
7.5
2024-04-19 CVE-2024-29959 Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save.
network
low complexity
broadcom CWE-532
8.6
2024-04-19 CVE-2024-29960 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed.
high complexity
broadcom CWE-798
7.5