CVE-2024-2860

CWE-306Missing Authentication3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 76.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Brocade Sannav
Timeline
PublishedMay 8

Description

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDbroadcom/brocade_sannav< 2.3.0a+1
CVEListV5brocade/brocade_sannavbefore SANnav v2.3.0a

🔴Vulnerability Details

2
GHSA
GHSA-3h5f-xp24-j3p4: The PostgreSQL implementation in Brocade SANnav versions before 22024-05-08
CVEList
CVE-2024-2860: The PostgreSQL implementation in Brocade SANnav versions before 22024-05-08
CVE-2024-2860 (HIGH CVSS 7.8) | The PostgreSQL implementation in Br | cvebase.io