Broadcom Brocade Sannav vulnerabilities

CVE-2019-16208 [HIGH] CWE-327 CVE-2019-16208: Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).

CVE-2019-16209 [HIGH] CWE-295 CVE-2019-16209: A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allo A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.

CVE-2019-16205 [HIGH] CWE-330 CVE-2019-16205: A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.

CVE-2019-16206 [MEDIUM] CWE-311 CVE-2019-16206: The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credent The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.

CVE-2019-16210 [MEDIUM] CWE-311 CVE-2019-16210: Brocade SANnav versions before v2.0, logs plain text database connection password while triggering s Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.