cbcvebase.

Broadcom Brocade Sannav vulnerabilities

51 known vulnerabilities affecting broadcom/brocade_sannav.

Total CVEs
51
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH18MEDIUM27LOW1

Vulnerabilities

Page 3 of 3
CVE-2024-29952P4MEDIUMCVSS 5.5fixed in 2.3.0a2024-04-17
CVE-2024-29952 [MEDIUM] CWE-312 CVE-2024-29952: A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to pri A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.
nvd
CVE-2019-16210P4MEDIUMCVSS 5.5fixed in 2.02019-11-08
CVE-2019-16210 [MEDIUM] CWE-311 CVE-2019-16210: Brocade SANnav versions before v2.0, logs plain text database connection password while triggering s Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
nvd
CVE-2024-29955P4MEDIUMCVSS 5.5fixed in 2.3.0a2024-04-17
CVE-2024-29955 [MEDIUM] CWE-532 CVE-2024-29955: A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print t A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
nvd
CVE-2022-33187P4MEDIUMCVSS 4.9fixed in 2.2.12022-12-09
CVE-2022-33187 [MEDIUM] CWE-532 CVE-2022-33187: Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulner Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.
nvd
CVE-2025-4662P4MEDIUMCVSS 4.4fixed in 2.4.0avbefore SANnav 2.4.0a2025-07-10
CVE-2025-4662 [MEDIUM] CWE-497 CVE-2025-4662: Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server aud Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only vis
nvd
CVE-2025-6392P4MEDIUMCVSS 4.4fixed in 2.4.0avBrocade SANnav versions before 2.4.0a2025-07-10
CVE-2025-6392 [MEDIUM] CWE-532 CVE-2025-6392: Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANna
nvd
CVE-2022-43935P4MEDIUMCVSS 4.4fixed in 2.2.22024-11-21
CVE-2022-43935 [MEDIUM] CWE-532 CVE-2022-43935: An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANna An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.
nvd
CVE-2025-6390P4MEDIUMCVSS 4.4fixed in 2.4.0avbefore SANnav 2.4.0a2025-07-10
CVE-2025-6390 [MEDIUM] CWE-497 CVE-2025-6390: Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit l Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or a
nvd
CVE-2022-43933P4MEDIUMCVSS 4.4fixed in 2.2.22024-11-21
CVE-2022-43933 [MEDIUM] CWE-538 CVE-2022-43933: An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANna An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.
nvd
CVE-2024-10404P4MEDIUMCVSS 4.4fixed in 2.3.1b2025-02-14
CVE-2024-10404 [MEDIUM] CWE-312 CVE-2024-10404: CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that cont
nvd
CVE-2024-29963P4LOWCVSS 3.8fixed in 2.3.0a2024-04-19
CVE-2024-29963 [LOW] CWE-798 CVE-2024-29963: Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Bro Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.
nvd
Broadcom Brocade Sannav vulnerabilities | cvebase