CVE-2022-28164: Use of a Broken or Risky Cryptographic Algorithm in SANnav

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 75.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 6; latest update May 7

Description

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: broadcom/brocade_sannav, Brocade SANNav before 2.2.0
NVD: broadcom/sannav, < 2.2.0

🔴 Vulnerability Details (2)

GHSA: GHSA-7qf4-rmvc-8mv4: Brocade SANnav before SANnav 2 (2022-05-07)
CVEList: CVE-2022-28164: Brocade SANnav before SANnav 2 (2022-05-06)

📋 Vendor Advisories (1)

Oracle: Oracle Oracle Financial Services Applications Risk Matrix: Framework (Apache Ignite) — CVE-2021-28164 (2022-01-15)
CVE-2022-28164 — Broadcom Sannav vulnerability | cvebase