Total
54 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6392 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 4.4 MEDIUM |
| Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | |||||
| CVE-2025-6390 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 4.4 MEDIUM |
| Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | |||||
| CVE-2025-4662 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 4.4 MEDIUM |
| Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | |||||
| CVE-2025-1053 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 4.9 MEDIUM |
| Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav. | |||||
| CVE-2024-4282 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 9.8 CRITICAL |
| Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. | |||||
| CVE-2024-4173 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 7.6 HIGH |
| A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. | |||||
| CVE-2024-4161 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 8.6 HIGH |
| In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information. | |||||
| CVE-2024-4159 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 4.3 MEDIUM |
| Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information. | |||||
| CVE-2024-3596 | 3 Broadcom, Freeradius, Sonicwall | 4 Brocade Sannav, Fabric Operating System, Freeradius and 1 more | 2026-06-17 | N/A | 9.0 CRITICAL |
| RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | |||||
| CVE-2024-2860 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 7.8 HIGH |
| The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. | |||||
| CVE-2024-2859 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 6.8 MEDIUM |
| By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. | |||||
| CVE-2024-2240 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 7.2 HIGH |
| Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks. | |||||
| CVE-2024-29969 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 7.5 HIGH |
| When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082. | |||||
| CVE-2024-29968 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 7.7 HIGH |
| An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents. | |||||
| CVE-2024-29967 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 4.4 MEDIUM |
| In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files. | |||||
| CVE-2024-29966 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 7.5 HIGH |
| Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance. | |||||
| CVE-2024-29965 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 6.8 MEDIUM |
| In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches. | |||||
| CVE-2024-29964 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 5.7 MEDIUM |
| Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. | |||||
| CVE-2024-29963 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 1.9 LOW |
| Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries. | |||||
| CVE-2024-29962 | 1 Broadcom | 1 Brocade Sannav | 2026-06-17 | N/A | 5.5 MEDIUM |
| Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary. | |||||