SANnav
by Brocade
CVEs (69)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-28168 | | High | 0.49 | 7.5 | 0.01 | | Jun 27, 2022 | In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav 2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. |
| CVE-2022-28166 | | High | 0.49 | 7.5 | 0.01 | | Jun 27, 2022 | In Brocade SANnav versions before SANnav 2.2.0.2 and Brocade SANnav before 2.1.1.8, the TLS/SSL server implementation supports the use of static key ciphers (ssl-static-key-ciphers) on ports 443 & 18082. |
| CVE-2020-15380 | | High | 0.49 | 7.5 | 0.01 | | Jun 9, 2021 | Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. |
| CVE-2020-15379 | | High | 0.49 | 7.5 | 0.01 | | Jun 9, 2021 | Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data used as a custom field name. |
| CVE-2020-15381 | | High | 0.49 | 7.5 | 0.01 | | Jun 9, 2021 | Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the JMX server. |
| CVE-2019-16208 | | High | 0.49 | 7.5 | 0.00 | | Nov 8, 2019 | The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACACS, etc.). |
| CVE-2020-15387 | | High | 0.48 | 7.4 | 0.00 | | Jun 9, 2021 | The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. |
| CVE-2019-16209 | | High | 0.48 | 7.4 | 0.01 | | Nov 8, 2019 | A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections. |
| CVE-2024-2240 | | High | 0.47 | 7.2 | 0.00 | | Feb 14, 2025 | Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks. |
| CVE-2020-15382 | | High | 0.47 | 7.2 | 0.01 | | Jun 9, 2021 | Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. |
| CVE-2022-43936 | | Medium | 0.44 | 6.8 | 0.01 | | Nov 21, 2024 | Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. |
| CVE-2024-29965 | | Medium | 0.44 | 6.8 | 0.00 | | Apr 19, 2024 | In Brocade SANnav before v2.3.1 and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance,… |
| CVE-2024-29960 | | Medium | 0.44 | 6.8 | 0.00 | | Apr 19, 2024 | In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH… |
| CVE-2022-43934 | | Medium | 0.42 | 6.5 | 0.00 | | Nov 21, 2024 | Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms that are considered weak, on ports 24, 6514, 18023, 19094, and 19095. |
| CVE-2024-29956 | | Medium | 0.42 | 6.5 | 0.00 | | Apr 18, 2024 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav. |
| CVE-2022-28167 | | Medium | 0.42 | 6.5 | 0.01 | | Jun 27, 2022 | Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. |
| CVE-2022-28164 | | Medium | 0.42 | 6.5 | 0.00 | | May 6, 2022 | The Brocade SANnav application before SANnav 2.2.0 uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. |
| CVE-2022-43937 | | Medium | 0.37 | 5.7 | 0.00 | | Nov 21, 2024 | Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a. |
| CVE-2024-29964 | | Medium | 0.37 | 5.7 | 0.01 | | Apr 19, 2024 | Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. |
| CVE-2024-29951 | | Medium | 0.37 | 5.7 | 0.00 | | Apr 17, 2024 | Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. |