Broadcom Brocade Sannav vulnerabilities
51 known vulnerabilities affecting broadcom/brocade_sannav.
Total CVEs
51
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH18MEDIUM27LOW1
Vulnerabilities
Page 1 of 3
CVE-2024-29966P2CRITICALCVSS 9.8fixed in 2.3.0a2024-04-19
CVE-2024-29966 [CRITICAL] CWE-798 CVE-2024-29966: Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation tha
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.
nvd
CVE-2023-31424P2CRITICALCVSS 9.8fixed in 2.2.2a2023-08-31
CVE-2023-31424 [CRITICAL] CWE-290 CVE-2023-31424: Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a
allows remote unauthenticated users to bypass web authentication and
authorization.
nvd
CVE-2024-4173P3CRITICALCVSS 9.8fixed in 2.2.02024-04-25
CVE-2024-4173 [CRITICAL] CWE-200 CVE-2024-4173: A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allo
A vulnerability in Brocade SANnav exposes Kafka in the wan interface.
The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.
nvd
CVE-2019-16212P3HIGHCVSS 8.8fixed in 2.1.0vBrocade SANnav versions before v2.1.02020-09-25
CVE-2019-16212 [HIGH] CVE-2019-16212: A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker
A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.
nvd
CVE-2024-2859P3HIGHCVSS 7.2fixed in 2.3.02024-04-27
CVE-2024-2859 [HIGH] CWE-276 CVE-2024-2859: By default, SANnav OVA is shipped with root user login enabled. While protected by a password, acce
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.
nvd
CVE-2024-29961P3HIGHCVSS 8.2fixed in 2.3.0a2024-04-19
CVE-2024-29961 [HIGH] CWE-200 CVE-2024-29961: A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Broca
nvd
CVE-2024-4282P3CRITICALCVSS 9.8fixed in 2.3.1b2025-02-15
CVE-2024-4282 [CRITICAL] CWE-327 CVE-2024-4282: Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.
Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.
nvd
CVE-2019-16211P3CRITICALCVSS 9.8fixed in 2.1.0vBrocade SANnav versions before v2.1.02020-09-25
CVE-2019-16211 [CRITICAL] CWE-522 CVE-2019-16211: Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.
Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.
nvd
CVE-2024-4161P3HIGHCVSS 7.5fixed in 2.3.02024-04-25
CVE-2024-4161 [HIGH] CWE-319 CVE-2024-4161: In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could all
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received
clear text. This could allow an unauthenticated, remote attacker to
capture sensitive information.
nvd
CVE-2024-2240P3HIGHCVSS 7.2fixed in 2.3.1b2025-02-14
CVE-2024-2240 [HIGH] CWE-250 CVE-2024-2240: Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could
Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.
nvd
CVE-2024-29959P3HIGHCVSS 8.6fixed in 2.3.0a2024-04-19
CVE-2024-29959 [HIGH] CWE-532 CVE-2024-29959: A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypte
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save.
nvd
CVE-2024-2860P3HIGHCVSS 7.8fixed in 2.3.0av2.3.12024-05-08
CVE-2024-2860 [HIGH] CWE-306 CVE-2024-2860: The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.
nvd
CVE-2024-29969P3HIGHCVSS 7.5≥ 2.2.2, < 2.3.0a2024-04-19
CVE-2024-29969 [HIGH] CWE-326 CVE-2024-29969: When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, T
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.
nvd
CVE-2019-16205P3HIGHCVSS 8.8fixed in 2.02019-11-08
CVE-2019-16205 [HIGH] CWE-330 CVE-2019-16205: A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
nvd
CVE-2024-29957P3HIGHCVSS 7.5fixed in 2.3.0a2024-04-19
CVE-2024-29957 [HIGH] CWE-532 CVE-2024-29957: When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the
When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
nvd
CVE-2019-16208P3HIGHCVSS 7.5fixed in 2.02019-11-08
CVE-2019-16208 [HIGH] CWE-327 CVE-2019-16208: Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
nvd
CVE-2020-15382P3HIGHCVSS 7.2fixed in 2.1.1vBrocade SANnav before version 2.1.12021-06-09
CVE-2020-15382 [HIGH] CWE-798 CVE-2020-15382: Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.
nvd
CVE-2022-43934P3HIGHCVSS 7.5fixed in 2.2.22024-11-21
CVE-2022-43934 [HIGH] CWE-327 CVE-2022-43934: Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered we
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.
nvd
CVE-2024-29960P3HIGHCVSS 7.5fixed in 2.3.0a2024-04-19
CVE-2024-29960 [HIGH] CWE-798 CVE-2024-29960: In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.
nvd
CVE-2019-16207P3HIGHCVSS 7.8fixed in 2.02019-11-08
CVE-2019-16207 [HIGH] CWE-798 CVE-2019-16207: Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
nvd
1 / 3Next →