SANnav
by Brocade
CVEs (69)
| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-31423 | Med | 0.37 | 5.7 | 0.00 | Aug 31, 2023 | Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected… | ||
| CVE-2024-10404 | Med | 0.36 | 5.5 | 0.00 | Feb 14, 2025 | CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges… | ||
| CVE-2024-29962 | Med | 0.36 | 5.5 | 0.00 | Apr 19, 2024 | Brocade SANnav OVA before v2.3.1 and v2.3.0a has an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary. | ||
| CVE-2024-29952 | Med | 0.36 | 5.5 | 0.00 | Apr 17, 2024 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. | ||
| CVE-2022-33187 | Med | 0.36 | 5.5 | 0.00 | Dec 9, 2022 | Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. | ||
| CVE-2022-28161 | Med | 0.36 | 5.5 | 0.00 | May 9, 2022 | An information exposure through log file vulnerability in Brocade SANnav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the… | ||
| CVE-2019-16210 | Med | 0.36 | 5.5 | 0.00 | Nov 8, 2019 | Brocade SANnav versions before v2.0 log the plain text database connection password while triggering support save. | ||
| CVE-2019-16206 | Med | 0.36 | 5.5 | 0.00 | Nov 8, 2019 | The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and 'debug' logging levels, which could allow a local authenticated attacker to access sensitive information. | ||
| CVE-2023-31925 | Med | 0.35 | 5.4 | 0.00 | Aug 31, 2023 | Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed… | ||
| CVE-2020-15385 | Med | 0.35 | 5.4 | 0.01 | Jun 9, 2021 | Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories and list files without permission. As a result, users without permission can see folders and hidden files, and can create directories without permission. | ||
| CVE-2020-15378 | Med | 0.35 | 5.3 | 0.01 | Jun 9, 2021 | The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. | ||
| CVE-2024-10405 | Med | 0.34 | 5.3 | 0.00 | Feb 15, 2025 | Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs,… | ||
| CVE-2022-43935 | Med | 0.34 | 5.3 | 0.00 | Nov 21, 2024 | An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. | ||
| CVE-2020-15384 | Med | 0.34 | 5.3 | 0.01 | Jun 9, 2021 | Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header. | ||
| CVE-2024-29955 | Med | 0.33 | 5.0 | 0.00 | Apr 17, 2024 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | ||
| CVE-2025-1053 | Med | 0.32 | 4.9 | 0.00 | Feb 14, 2025 | Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords… | ||
| CVE-2025-6392 | Med | 0.29 | 4.4 | 0.00 | Jul 10, 2025 | Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only… | ||
| CVE-2025-6390 | Med | 0.29 | 4.4 | 0.00 | Jul 10, 2025 | Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the… | ||
| CVE-2025-4662 | Med | 0.29 | 4.4 | 0.00 | Jul 10, 2025 | Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server… | ||
| CVE-2022-43933 | Med | 0.29 | 4.4 | 0.00 | Nov 21, 2024 | An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. The supportsave file is generated by an admin user troubleshooting the switch. The logged information may include… |