CVE-2022-28161Log File Information Exposure in Sannav

CWE-532Log File Information Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 83.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Brocade SannavBroadcom Brocade Sannav
Timeline
PublishedMay 9
Latest updateMay 10

Description

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDbrocade/sannav< 2.2.0
CVEListV5broadcom/brocade_sannavBrocade SANNav before 2.2.0

🔴Vulnerability Details

2
GHSA
GHSA-2qpf-6hhx-qxxg: An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 22022-05-10
CVEList
CVE-2022-28161: An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 22022-05-09
CVE-2022-28161 — Log File Information Exposure | cvebase