SANnav
by Brocade
CVEs (69)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-4282 | | Cri | 0.64 | 9.8 | 0.00 | | Feb 15, 2025 | Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. |
| CVE-2022-28163 | | Cri | 0.64 | 9.8 | 0.01 | | May 6, 2022 | In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. |
| CVE-2020-15377 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 9, 2021 | Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). |
| CVE-2019-16211 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 25, 2020 | Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability. |
| CVE-2022-28165 | | Hig | 0.57 | 8.8 | 0.01 | | May 6, 2022 | A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The… |
| CVE-2019-16212 | | Hig | 0.57 | 8.8 | 0.01 | | Sep 25, 2020 | A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process. |
| CVE-2019-16205 | | Hig | 0.57 | 8.8 | 0.01 | | Nov 8, 2019 | A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. |
| CVE-2024-4161 | | Hig | 0.56 | 8.6 | 0.00 | | Apr 25, 2024 | In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information. |
| CVE-2024-29959 | | Hig | 0.56 | 8.6 | 0.00 | | Apr 19, 2024 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. |
| CVE-2024-29961 | | Hig | 0.53 | 8.2 | 0.01 | | Apr 19, 2024 | A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote… |
| CVE-2023-31424 | | Hig | 0.53 | 8.1 | 0.01 | | Aug 31, 2023 | Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. |
| CVE-2024-2860 | | Hig | 0.51 | 7.8 | 0.00 | | May 8, 2024 | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. |
| CVE-2019-16207 | | Hig | 0.51 | 7.8 | 0.00 | | Nov 8, 2019 | Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. |
| CVE-2024-29968 | | Hig | 0.50 | 7.7 | 0.00 | | Apr 19, 2024 | An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow… |
| CVE-2024-4173 | | Hig | 0.49 | 7.6 | 0.01 | | Apr 25, 2024 | A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. |
| CVE-2024-29969 | | Hig | 0.49 | 7.5 | 0.00 | | Apr 19, 2024 | When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082. |
| CVE-2024-29966 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 19, 2024 | Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance. |
| CVE-2024-29958 | | Hig | 0.49 | 7.5 | 0.00 | | Apr 19, 2024 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to… |
| CVE-2024-29957 | | Hig | 0.49 | 7.5 | 0.00 | | Apr 19, 2024 | When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key. |
| CVE-2024-29950 | | Hig | 0.49 | 7.5 | 0.00 | | Apr 17, 2024 | The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack. |
Page 1 of 4