Brocade

All CVEs

148 total · sorted by risk
  • CVE-2016-8205 · Critical · Jan 14, 2017
    risk 0.65 · cvss 9.8 · epss 0.13

    A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

  • CVE-2016-8204 · Critical · Jan 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

  • CVE-2016-8202 · High · May 8, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface.…

  • CVE-2016-8201 · High · Jan 14, 2017
    risk 0.52 · cvss 8.0 · epss 0.00

    A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.

  • CVE-2018-6439 · High · Dec 3, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.

  • CVE-2016-8207 · High · Jan 14, 2017
    risk 0.50 · cvss 7.5 · epss 0.15

    A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.

  • CVE-2016-8206 · High · Jan 14, 2017
    risk 0.50 · cvss 7.5 · epss 0.15

    A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.

  • CVE-2022-27775 · High · Jun 2, 2022
    risk 0.49 · cvss 7.5 · epss 0.03

    An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead.

  • CVE-2016-8209 · High · May 8, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management…

  • CVE-2016-8203 · High · Oct 31, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets.

  • CVE-2022-22576 · High · May 26, 2022
    risk 0.46 · cvss 8.1 · epss 0.02

    An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects…

  • CVE-2017-6227 · Medium · Feb 8, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router…

  • CVE-2017-6225 · Medium · Feb 8, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based…

  • CVE-2022-27774 · Medium · Jun 2, 2022
    risk 0.37 · cvss 5.7 · epss 0.02

    An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: following HTTP(S) redirects when used with authentication could leak credentials to other services that exist on…

  • CVE-2025-1976 · KEV · Apr 24, 2025
    risk 0.12 · cvss · epss 0.01

    Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

  • CVE-2018-6443 · Jan 22, 2019
    risk 0.04 · cvss · epss 0.07

    A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. A remote…

  • CVE-2013-6810 · Dec 12, 2013
    risk 0.04 · cvss · epss 0.17

    The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable…

  • CVE-2026-0869 · Mar 3, 2026
    risk 0.00 · cvss · epss 0.00

    Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration, and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within…

  • CVE-2025-58381 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait” to modify the path variables and move upwards in the directory structure or to traverse to different…

  • CVE-2025-9711 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.

  • CVE-2025-58380 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.

  • CVE-2026-0383 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.

  • CVE-2025-58379 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user.

  • CVE-2025-58383 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.

  • CVE-2025-58382 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, …

  • CVE-2025-12774 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database SQL queries in the SANnav support save file. An attacker with access to the Brocade SANnav supportsave file could open the file and then obtain sensitive information such…

  • CVE-2025-12773 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to…

  • CVE-2025-12772 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in…

  • CVE-2025-12679 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the PBE key. Note: The…

  • CVE-2025-12680 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave…

  • CVE-2025-7397 · Jul 17, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the ascgshell of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user that can access sensitive information like passwords within the CLI history…

  • CVE-2025-6392 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only…

  • CVE-2025-6390 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav before SANnav 2.4.0a logs passwords and PBE keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the…

  • CVE-2025-4662 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server…

  • CVE-2025-4663 · Jul 8, 2025
    risk 0.00 · cvss · epss 0.00

    An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using…

  • CVE-2025-4661 · Jun 19, 2025
    risk 0.00 · cvss · epss 0.00

    A path traversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory, potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the…

  • CVE-2024-5461 · Feb 15, 2025
    risk 0.00 · cvss · epss 0.00

    The implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP…

  • CVE-2024-5462 · Feb 14, 2025
    risk 0.00 · cvss · epss 0.00

    If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if…

  • CVE-2024-4282 · Feb 14, 2025
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav OVA before SANnav 2.3.1b enables the deprecated SHA1 setting for SSH on port 22.

  • CVE-2024-10405 · Feb 14, 2025
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs,…

  • CVE-2024-2240 · Feb 14, 2025
    risk 0.00 · cvss · epss 0.00

    Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

  • CVE-2025-1053 · Feb 14, 2025
    risk 0.00 · cvss · epss 0.00

    Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords…

  • CVE-2024-10404 · Feb 14, 2025
    risk 0.00 · cvss · epss 0.00

    CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges…

  • CVE-2024-7517 · Nov 21, 2024
    risk 0.00 · cvss · epss 0.01

    A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privilege escalation via crafted use of the portcfg command. This specific exploitation is only…

  • CVE-2024-10403 · Nov 21, 2024
    risk 0.00 · cvss · epss 0.01

    Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via…

  • CVE-2022-43937 · Nov 21, 2024
    risk 0.00 · cvss · epss 0.00

    Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a.

  • CVE-2022-43936 · Nov 21, 2024
    risk 0.00 · cvss · epss 0.01

    Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled.

  • CVE-2022-43935 · Nov 21, 2024
    risk 0.00 · cvss · epss 0.00

    An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.

  • CVE-2022-43934 · Nov 21, 2024
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms that are considered weak, on ports 24, 6514, 18023, 19094, and 19095.

  • CVE-2022-43933 · Nov 21, 2024
    risk 0.00 · cvss · epss 0.00

    An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. The supportsave file is generated by an admin user troubleshooting the switch. The logged information may include…

Page 1 of 3