CVE-2019-16206 — Missing Encryption of Sensitive Data in Brocade Sannav

CWE-311 — Missing Encryption of Sensitive Data CWE-532 — Log File Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Brocade Sannav Brocade Communications Systems INC Brocade Sannav

Timeline

PublishedNov 8

Latest updateMay 24

Description

The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDbroadcom/brocade_sannav< 2.0

▶CVEListV5brocade_communications_systems_inc/brocade_sannavversions before v2.0

🔴Vulnerability Details

GHSA

GHSA-gqfm-5hj3-5hpj: The authentication mechanism, in Brocade SANnav versions before v2↗2022-05-24

▶

CVEList

CVE-2019-16206: The authentication mechanism, in Brocade SANnav versions before v2↗2019-11-08

▶