Broadcom Brocade Sannav vulnerabilities

CVE-2025-6390 [MEDIUM] CWE-497 CVE-2025-6390: Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit l Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or a

CVE-2025-4662 [MEDIUM] CWE-497 CVE-2025-4662: Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server aud Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only vis

CVE-2025-6392 [MEDIUM] CWE-532 CVE-2025-6392: Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANna

CVE-2024-4282 [HIGH] CWE-327 CVE-2024-4282: Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.

CVE-2024-10405 [MEDIUM] CWE-327 CVE-2024-10405: Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a s Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwo

CVE-2024-2240 [HIGH] CWE-250 CVE-2024-2240: Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

CVE-2025-1053 [HIGH] CWE-532 CVE-2025-1053: Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.

CVE-2024-10404 [MEDIUM] CWE-312 CVE-2024-10404: CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that con

CVE-2022-43934 [MEDIUM] CWE-327 CVE-2022-43934: Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered we Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.

CVE-2022-43937 [MEDIUM] CWE-532 CVE-2022-43937: Possible information exposure through log file vulnerability where sensitive fields are recorded in Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a

CVE-2022-43936 [MEDIUM] CWE-532 CVE-2022-43936: Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enable Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled.

CVE-2022-43935 [MEDIUM] CWE-532 CVE-2022-43935: An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANna An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.

CVE-2022-43933 [MEDIUM] CWE-538 CVE-2022-43933: An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANna An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.

CVE-2024-2860 [HIGH] CWE-306 CVE-2024-2860: The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.

CVE-2024-2859 [MEDIUM] CWE-276 CVE-2024-2859: By default, SANnav OVA is shipped with root user login enabled. While protected by a password, acce By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.

CVE-2024-4173 [HIGH] CWE-200 CVE-2024-4173: A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allo A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.

CVE-2024-4161 [HIGH] CWE-319 CVE-2024-4161: In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could all In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information.

CVE-2024-4159 [MEDIUM] CWE-200 CVE-2024-4159: Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which coul Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.

CVE-2024-29966 [HIGH] CWE-798 CVE-2024-29966: Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation tha Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.

CVE-2024-29960 [MEDIUM] CWE-798 CVE-2024-29960: In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.