CVE-2022-28167Insufficiently Protected Credentials in Sannav

CWE-522Insufficiently Protected CredentialsCWE-922Insecure Storage of Sensitive Information3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 55.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom SannavBroadcom Brocade Sannav
Timeline
PublishedJun 27
Latest updateJun 28

Description

Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5broadcom/brocade_sannavversions before v2.2.0.2 and v2.1.1.8
NVDbroadcom/sannav2.2.0.02.2.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-2c9f-95gh-crpj: Brocade SANnav before Brocade SANvav v2022-06-28
CVEList
CVE-2022-28167: Brocade SANnav before Brocade SANvav v2022-06-27
CVE-2022-28167 — Insufficiently Protected Credentials | cvebase