CVE-2024-29952Cleartext Storage of Sensitive Info in Brocade Sannav

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 81.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Sannav
Timeline
PublishedApr 17
Latest updateApr 18

Description

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5brocade/brocade_sannavbefore v2.3.1 and v2.3.0a

🔴Vulnerability Details

2
GHSA
GHSA-xrr4-j32g-hj8m: A vulnerability in Brocade SANnav before v22024-04-18
CVEList
Clear text storage of sensistive information by manipulating command variables2024-04-17
CVE-2024-29952 — Cleartext Storage of Sensitive Info | cvebase