Brocade SANnav
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6392 | 0.00 | — | 0.00 | Jul 10, 2025 | Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only… | |||
| CVE-2025-6390 | 0.00 | — | 0.00 | Jul 10, 2025 | Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the… | |||
| CVE-2025-4662 | 0.00 | — | 0.00 | Jul 10, 2025 | Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server… | |||
| CVE-2023-31424 | 0.00 | — | 0.00 | Aug 31, 2023 | Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. | |||
| CVE-2022-33187 | 0.00 | — | 0.00 | Dec 9, 2022 | Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. | |||
| CVE-2020-15385 | 0.00 | — | 0.00 | Jun 9, 2021 | Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission. | |||
| CVE-2020-15380 | 0.00 | — | 0.00 | Jun 9, 2021 | Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | |||
| CVE-2020-15379 | 0.00 | — | 0.00 | Jun 9, 2021 | Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. | |||
| CVE-2020-15378 | 0.00 | — | 0.00 | Jun 9, 2021 | The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. | |||
| CVE-2020-15381 | 0.00 | — | 0.00 | Jun 9, 2021 | Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. | |||
| CVE-2019-16211 | 0.00 | — | 0.00 | Sep 25, 2020 | Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability. | |||
| CVE-2019-16210 | 0.00 | — | 0.00 | Nov 8, 2019 | Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. | |||
| CVE-2019-16208 | 0.00 | — | 0.00 | Nov 8, 2019 | Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.). | |||
| CVE-2019-16207 | 0.00 | — | 0.00 | Nov 8, 2019 | Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. |
- CVE-2025-6392Jul 10, 2025risk 0.00cvss —epss 0.00
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only…
- CVE-2025-6390Jul 10, 2025risk 0.00cvss —epss 0.00
Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the…
- CVE-2025-4662Jul 10, 2025risk 0.00cvss —epss 0.00
Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server…
- CVE-2023-31424Aug 31, 2023risk 0.00cvss —epss 0.00
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.
- CVE-2022-33187Dec 9, 2022risk 0.00cvss —epss 0.00
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.
- CVE-2020-15385Jun 9, 2021risk 0.00cvss —epss 0.00
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.
- CVE-2020-15380Jun 9, 2021risk 0.00cvss —epss 0.00
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
- CVE-2020-15379Jun 9, 2021risk 0.00cvss —epss 0.00
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.
- CVE-2020-15378Jun 9, 2021risk 0.00cvss —epss 0.00
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.
- CVE-2020-15381Jun 9, 2021risk 0.00cvss —epss 0.00
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.
- CVE-2019-16211Sep 25, 2020risk 0.00cvss —epss 0.00
Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.
- CVE-2019-16210Nov 8, 2019risk 0.00cvss —epss 0.00
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
- CVE-2019-16208Nov 8, 2019risk 0.00cvss —epss 0.00
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
- CVE-2019-16207Nov 8, 2019risk 0.00cvss —epss 0.00
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.