VYPR

SANnav

by Brocade

CVEs (69)

  • CVE-2022-28168 | High | Jun 27, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav 2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.

  • CVE-2022-28166 | High | Jun 27, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    In Brocade SANnav versions before SANnav 2.2.0.2 and Brocade SANnav before 2.1.1.8, the TLS/SSL server supports the use of static key ciphers (ssl-static-key-ciphers) on ports 443 and 18082.

  • CVE-2020-15380 | High | Jun 9, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.

  • CVE-2020-15379 | High | Jun 9, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    Brocade SANnav before v2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data used as a custom field name.

  • CVE-2020-15381 | High | Jun 9, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the JMX server.

  • CVE-2019-16208 | High | Nov 8, 2019
    risk 0.49 | cvss 7.5 | epss 0.00

    The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (RADIUS, TACACS, etc.).

  • CVE-2020-15387 | High | Jun 9, 2021
    risk 0.48 | cvss 7.4 | epss 0.00

    The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

  • CVE-2019-16209 | High | Nov 8, 2019
    risk 0.48 | cvss 7.4 | epss 0.01

    A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections.

  • CVE-2024-2240 | High | Feb 14, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

  • CVE-2020-15382 | High | Jun 9, 2021
    risk 0.47 | cvss 7.2 | epss 0.01

    Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.

  • CVE-2022-43936 | Medium | Nov 21, 2024
    risk 0.44 | cvss 6.8 | epss 0.01

    Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled.

  • CVE-2024-29965 | Medium | Apr 19, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance,…

  • CVE-2024-29960 | Medium | Apr 19, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH…

  • CVE-2022-43934 | Medium | Nov 21, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms that are considered weak on ports 24, 6514, 18023, 19094, and 19095.

  • CVE-2024-29956 | Medium | Apr 18, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav.

  • CVE-2022-28167 | Medium | Jun 27, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log.

  • CVE-2022-28164 | Medium | May 6, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.

  • CVE-2022-43937 | Medium | Nov 21, 2024
    risk 0.37 | cvss 5.7 | epss 0.00

    Possible information exposure through a log file vulnerability, where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a.

  • CVE-2024-29964 | Medium | Apr 19, 2024
    risk 0.37 | cvss 5.7 | epss 0.01

    Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

  • CVE-2024-29951 | Medium | Apr 17, 2024
    risk 0.37 | cvss 5.7 | epss 0.00

    Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.