Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sannav vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-28161
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local malicious user to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, th...
Brocade Sannav
7.5
CVSSv3
CVE-2022-28168
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.
Broadcom Sannav
8.8
CVSSv3
CVE-2022-28165
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav prior to 2.2.0 could allow an authenticated, remote malicious user to access resources that they should not be able to access and perform actions that they should not be able to perform. T...
Broadcom Sannav
6.5
CVSSv3
CVE-2022-28167
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log
Broadcom Sannav
3.3
CVSSv3
CVE-2022-28162
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.
Broadcom Sannav
9.8
CVSSv3
CVE-2022-28163
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an malicious user to run arbitrary SQL commands.
Broadcom Sannav
6.5
CVSSv3
CVE-2022-28164
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated malicious user to decrypt stored account passwords.
Broadcom Sannav
7.5
CVSSv3
CVE-2022-28166
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav prior to 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.
Broadcom Sannav
7.5
CVSSv3
CVE-2020-15380
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
Broadcom Sannav
5.4
CVSSv3
CVE-2020-15385
Brocade SANnav before version 2.1.1 allows an authenticated malicious user to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.
Broadcom Sannav
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »