Brocade Communications Systems Inc Brocade Sannav vulnerabilities
6 known vulnerabilities affecting brocade_communications_systems_inc/brocade_sannav.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2019-16207HIGHCVSS 7.8vversions before v2.02019-11-08
CVE-2019-16207 [HIGH] CWE-798 CVE-2019-16207: Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
cvelistv5nvd
CVE-2019-16208HIGHCVSS 7.5vversions before v2.02019-11-08
CVE-2019-16208 [HIGH] CWE-327 CVE-2019-16208: Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
cvelistv5nvd
CVE-2019-16209HIGHCVSS 7.4vversions before v2.02019-11-08
CVE-2019-16209 [HIGH] CWE-295 CVE-2019-16209: A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allo
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.
cvelistv5nvd
CVE-2019-16205HIGHCVSS 8.8vversions before v2.02019-11-08
CVE-2019-16205 [HIGH] CWE-330 CVE-2019-16205: A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
cvelistv5nvd
CVE-2019-16206MEDIUMCVSS 5.5vversions before v2.02019-11-08
CVE-2019-16206 [MEDIUM] CWE-311 CVE-2019-16206: The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credent
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.
cvelistv5nvd
CVE-2019-16210MEDIUMCVSS 5.5vversions before v2.02019-11-08
CVE-2019-16210 [MEDIUM] CWE-311 CVE-2019-16210: Brocade SANnav versions before v2.0, logs plain text database connection password while triggering s
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
cvelistv5nvd