CVE-2023-31423Cleartext Storage of Sensitive Info in Brocade Sannav

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
5.5MEDIUMNVD
CNA5.7
EPSS
0.0%
top 87.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Sannav
Timeline
PublishedAug 31

Description

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5brocade/sannavBrocade SANnav before v2.3.0 and 2.2.2a

🔴Vulnerability Details

2
CVEList
Possible information exposure through log file vulnerability2023-08-31
GHSA
GHSA-x6g3-wgpm-qhcq: Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade S2023-08-31
CVE-2023-31423 — Cleartext Storage of Sensitive Info | cvebase