Vulnerabilities > Broadcom > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-19 | CVE-2024-29964 | Incorrect Permission Assignment for Critical Resource vulnerability in Broadcom Brocade Sannav Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. | 6.5 |
| 2024-04-19 | CVE-2024-29965 | Insecure Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). | 5.9 |
| 2024-04-19 | CVE-2024-29967 | Incorrect Default Permissions vulnerability in Broadcom Brocade Sannav In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. | 6.0 |
| 2024-04-19 | CVE-2024-29958 | Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. | 6.5 |
| 2024-04-18 | CVE-2024-29956 | Cleartext Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav. | 6.5 |
| 2024-04-17 | CVE-2024-29952 | Cleartext Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. | 5.5 |
| 2024-04-17 | CVE-2024-29955 | Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. | 5.5 |
| 2024-04-17 | CVE-2024-29951 | Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. | 5.7 |
| 2024-04-17 | CVE-2024-29950 | Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack. | 5.9 |
| 2024-04-05 | CVE-2023-5973 | Origin Validation Error vulnerability in Broadcom Fabric Operating System Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. | 4.3 |