Brocade SANnav
30 CVEs affecting Brocade SANnav. Latest disclosed: 2025-02-15. Critical: 1, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-4282 | Critical | 9.8 | 2025-02-15 | Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. |
| CVE-2024-4161 | High | 8.6 | 2024-04-25 | In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic is received in clear text. This could allow an unauthenticated, remote attacker to capture sensitiv… |
| CVE-2024-29959 | High | 8.6 | 2024-04-19 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support sa… |
| CVE-2024-29961 | High | 8.2 | 2024-04-19 | A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular interva… |
| CVE-2024-2860 | High | 7.8 | 2024-05-08 | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM wh… |
| CVE-2024-29968 | High | 7.7 | 2024-04-19 | An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mo… |
| CVE-2024-4173 | High | 7.6 | 2024-04-25 | A vulnerability in Brocade SANnav exposes Kafka in the WAN interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, i… |
| CVE-2024-29969 | High | 7.5 | 2024-04-19 | When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added b… |
| CVE-2024-29966 | High | 7.5 | 2024-04-19 | Brocade SANnav OVA before v2.3.1 and v2.3.0a contains hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerabilit… |
| CVE-2024-29958 | High | 7.5 | 2024-04-19 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the… |
| CVE-2024-29957 | High | 7.5 | 2024-04-19 | When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could pr… |
| CVE-2024-29950 | High | 7.5 | 2024-04-17 | The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could… |
| CVE-2024-2240 | High | 7.2 | 2025-02-14 | Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various at… |
| CVE-2024-2859 | Medium | 6.8 | 2024-04-27 | By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should… |
| CVE-2024-29965 | Medium | 6.8 | 2024-04-19 | In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The result… |
| CVE-2024-29960 | Medium | 6.8 | 2024-04-19 | In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnn… |
| CVE-2024-29956 | Medium | 6.5 | 2024-04-18 | A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch… |
| CVE-2024-29964 | Medium | 5.7 | 2024-04-19 | Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the serv… |
| CVE-2024-29951 | Medium | 5.7 | 2024-04-17 | Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. |
| CVE-2024-10404 | Medium | 5.5 | 2025-02-14 | CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker… |