CVE-2022-43935

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21219	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

History

04 Feb 2025, 18:16

Type	Values Removed	Values Added
CPE		cpe:2.3:a:broadcom:brocade_sannav::::::::
First Time		Broadcom brocade Sannav Broadcom
Summary		(es) Existe una exposición de información a través de una vulnerabilidad de archivo de registro en Brocade SANnav anterior a Brocade SANnav 2.2.2, donde las contraseñas y las identificaciones de autorización de Brocade Fabric OS Switch se imprimen en el archivo MLS DB integrado.
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21219 -~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21219 - Vendor Advisory

21 Nov 2024, 13:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-21 11:15

Updated : 2025-02-04 18:16

NVD link : CVE-2022-43935

Mitre link : CVE-2022-43935

CVE.ORG link : CVE-2022-43935

JSON object : View

Products Affected

broadcom

brocade_sannav

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2022-43935", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2024-11-21T11:15:14.363", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21219", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file."}, {"lang": "es", "value": "Existe una exposici\u00f3n de informaci\u00f3n a trav\u00e9s de una vulnerabilidad de archivo de registro en Brocade SANnav anterior a Brocade SANnav 2.2.2, donde las contrase\u00f1as y las identificaciones de autorizaci\u00f3n de Brocade Fabric OS Switch se imprimen en el archivo MLS DB integrado."}], "lastModified": "2025-02-04T18:16:02.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC77C573-F6AD-451A-B543-682C9276861D", "versionEndExcluding": "2.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}