VYPR

SANnav

by Brocade

CVEs (69)

  • CVE-2024-4282 | Cri | Feb 15, 2025
    risk 0.64 | cvss 9.8 | epss 0.00

    Brocade SANnav OVA before SANnav 2.3.1b enables the deprecated SHA1 setting for SSH on port 22.

  • CVE-2022-28163 | Cri | May 6, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.

  • CVE-2020-15377 | Cri | Jun 9, 2021
    risk 0.64 | cvss 9.8 | epss 0.01

    Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).

  • CVE-2019-16211 | Cri | Sep 25, 2020
    risk 0.64 | cvss 9.8 | epss 0.01

    Brocade SANnav versions before v2.1.0 contain a Plaintext Password Storage vulnerability.

  • CVE-2022-28165 | Hig | May 6, 2022
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability in the role-based access control (RBAC) functionality of Brocade SANnav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The…

  • CVE-2019-16212 | Hig | Sep 25, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.

  • CVE-2019-16205 | Hig | Nov 8, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability in Brocade SANnav versions before v2.0 could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.

  • CVE-2024-4161 | Hig | Apr 25, 2024
    risk 0.56 | cvss 8.6 | epss 0.00

    In Brocade SANnav before Brocade SANnav v2.3.0, syslog traffic is received in clear text. This could allow an unauthenticated, remote attacker to capture sensitive information.

  • CVE-2024-29959 | Hig | Apr 19, 2024
    risk 0.56 | cvss 8.6 | epss 0.00

    A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save.

  • CVE-2024-29961 | Hig | Apr 19, 2024
    risk 0.53 | cvss 8.2 | epss 0.01

    A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote…

  • CVE-2023-31424 | Hig | Aug 31, 2023
    risk 0.53 | cvss 8.1 | epss 0.01

    Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.

  • CVE-2024-2860 | Hig | May 8, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.

  • CVE-2019-16207 | Hig | Nov 8, 2019
    risk 0.51 | cvss 7.8 | epss 0.00

    Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.

  • CVE-2024-29968 | Hig | Apr 19, 2024
    risk 0.50 | cvss 7.7 | epss 0.00

    An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow…

  • CVE-2024-4173 | Hig | Apr 25, 2024
    risk 0.49 | cvss 7.6 | epss 0.01

    A vulnerability in Brocade SANnav exposes Kafka on the WAN interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DoS against the Brocade SANnav.

  • CVE-2024-29969 | Hig | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.

  • CVE-2024-29966 | Hig | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Brocade SANnav OVA before v2.3.1 and v2.3.0a contains hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.

  • CVE-2024-29958 | Hig | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to…

  • CVE-2024-29957 | Hig | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

  • CVE-2024-29950 | Hig | Apr 17, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.

Page 1 of 4