Vulnerabilities > Brocade

DATE CVE VULNERABILITY TITLE RISK
2020-12-11 CVE-2020-15376 Incorrect Authorization vulnerability in Brocade Fabric OS
Brocade Fabric OS versions before v9.0.0 and after v8.1.0, when configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if that user is not associated with any groups.
network
low complexity
brocade CWE-863
4.0
2020-12-11 CVE-2020-15375 Improper Input Validation vulnerability in Brocade Fabric OS
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when seccryptocfg is invoked.
local
low complexity
brocade CWE-20
4.6
2020-09-25 CVE-2020-15374 Improper Input Validation vulnerability in Brocade Fabric OS
The REST API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c, is vulnerable to multiple instances of reflected input.
network
low complexity
brocade CWE-20
7.5
2020-09-25 CVE-2020-15373 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Brocade Fabric OS
Multiple buffer overflow vulnerabilities in the REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c, could allow remote unauthenticated attackers to perform various attacks.
network
low complexity
brocade CWE-119
7.5
2020-09-25 CVE-2020-15372 Improper Control of Dynamically-Managed Code Resources vulnerability in Brocade Fabric OS
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0 could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or a bypass of logging.
local
low complexity
brocade CWE-913
2.1
2020-09-25 CVE-2020-15371 Unspecified vulnerability in Brocade Fabric OS
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability.
network
low complexity
brocade
7.5
2020-09-25 CVE-2020-15370 Information Exposure Through LOG Files vulnerability in Brocade Fabric OS
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext.
network
low complexity
brocade CWE-532
4.0
2020-09-25 CVE-2020-15369 Weak Password Requirements vulnerability in Brocade Fabric OS
The Supportlink CLI in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c, does not obfuscate the password field, which could expose users’ credentials for the remote server.
network
low complexity
brocade CWE-521
4.0
2020-02-05 CVE-2019-16204 Information Exposure Through LOG Files vulnerability in Brocade Fabric OS
Brocade Fabric OS versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
network
low complexity
brocade CWE-532
5.0
2020-02-05 CVE-2019-16203 Information Exposure Through LOG Files vulnerability in Brocade Fabric OS
Brocade Fabric OS versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
network
low complexity
brocade CWE-532
5.0