Vulnerabilities > Broadcom > Sannav > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian fedoraproject siemens netapp broadcom CWE-78
critical
9.8
2022-05-06 CVE-2022-28163 SQL Injection vulnerability in Broadcom Sannav 2.1.0/2.1.1/2.1.1.8
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.
network
low complexity
broadcom CWE-89
critical
9.8
2021-06-09 CVE-2020-15377 Server-Side Request Forgery (SSRF) vulnerability in Broadcom Sannav 2.1.0
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).
network
low complexity
broadcom CWE-918
critical
9.8