CVE-2022-28168

CWE-9224 documents4 sources
Severity
7.5HIGH
EPSS
0.3%
top 44.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Broadcom Sannav
Timeline
PublishedJun 27
Latest updateJun 28

Description

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5brocade_sannavversions before v2.2.0.2 and v2.1.1.8
NVDbroadcom/sannav2.2.0.02.2.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-x4cf-f39j-p3gv: In Brocade SANnav before Brocade SANnav v22022-06-28
CVEList
CVE-2022-28168: In Brocade SANnav before Brocade SANnav v22022-06-27

📋Vendor Advisories

1
Oracle
Oracle Oracle Communications Risk Matrix: Policy (Eclipse Jersey) — CVE-2021-281682022-04-15
CVE-2022-28168 (HIGH CVSS 7.5) | In Brocade SANnav before Brocade SA | cvebase.io