Brocade Brocade Sannav

30 CVEs affecting Brocade Brocade Sannav. Latest disclosed: 2025-02-15. Critical: 1, High: 12.

Top CVEs affecting Brocade Brocade Sannav
CVESeverityScorePublishedSummary
CVE-2024-4282Critical9.82025-02-15Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.
CVE-2024-4161High8.62024-04-25In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitiv…
CVE-2024-29959High8.62024-04-19A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support sa…
CVE-2024-29961High8.22024-04-19A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular interva…
CVE-2024-2860High7.82024-05-08The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM wh…
CVE-2024-29968High7.72024-04-19An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mo…
CVE-2024-4173High7.62024-04-25 A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, i…
CVE-2024-29969High7.52024-04-19When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added b…
CVE-2024-29966High7.52024-04-19Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerabilit…
CVE-2024-29958High7.52024-04-19A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the…
CVE-2024-29957High7.52024-04-19When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could pr…
CVE-2024-29950High7.52024-04-17The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could…
CVE-2024-2240High7.22025-02-14Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various at…
CVE-2024-2859Medium6.82024-04-27By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should…
CVE-2024-29965Medium6.82024-04-19 In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The result…
CVE-2024-29960Medium6.82024-04-19 In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnn…
CVE-2024-29956Medium6.52024-04-18A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch…
CVE-2024-29964Medium5.72024-04-19Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the serv…
CVE-2024-29951Medium5.72024-04-17Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.
CVE-2024-10404Medium5.52025-02-14CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker…