CVE-2022-28165: Missing Authorization in Sannav

Severity: 8.8 HIGH (NVD)
EPSS: 0.8% (top 26.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 6; latest update Oct 15

Description

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on the server side to ensure the user has the required permission before processing requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: broadcom/brocade_sannav, Brocade SANNav before 2.2.0
NVD: broadcom/sannav, < 2.2.0

🔴 Vulnerability Details (2)

GHSA (2022-05-07): GHSA-mpvq-g86j-p48m: A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2
CVEList (2022-05-06): CVE-2022-28165: A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2

📋 Vendor Advisories (2)

Oracle (2022-10-15): Oracle Communications Risk Matrix: Platform (Eclipse Jetty) — CVE-2021-28165
Oracle (2022-01-15): Oracle REST Data Services Risk Matrix: General (Eclipse Jetty) — CVE-2021-28165