CVE-2023-31424 – Web authentication and authorization bypass
https://notcve.org/view.php?id=CVE-2023-31424
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. La interfaz web Brocade SANnav v2.3.0 y v2.2.2a permite a usuarios remotos no autenticados eludir la autenticación y autorización web. • https://security.netapp.com/advisory/ntap-20240229-0004 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22507 • CWE-290: Authentication Bypass by Spoofing •
CVE-2023-31423 – Possible information exposure through log file vulnerability
https://notcve.org/view.php?id=CVE-2023-31423
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs. Posible exposición de información a través de la vulnerabilidad del archivo de registro donde se guardan campos sensibles en el registro de configuración sin enmascarar en Brocade SANnav antes de v2.3.0 y 2.2.2a. Notas: Para acceder a los registros, el atacante local debe tener acceso a una salida "supportsave" de Brocade SANnav ya recopilada. • https://security.netapp.com/advisory/ntap-20240229-0003 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22508 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2023-31925 – Storage of clear text password in Brocade SANnav
https://notcve.org/view.php?id=CVE-2023-31925
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. Brocade SANnav antes de v2.3.0 y v2.2.2a almacena las contraseñas de autenticación SNMPv3 en texto plano. Un usuario con privilegios podría recuperar estas credenciales con conocimiento y acceso a estos archivos de registro. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-33187 – Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs
https://notcve.org/view.php?id=CVE-2022-33187
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. Brocade SANnav anterior a v2.2.1 registra nombres de usuarios y contraseñas codificadas en registros habilitados para depuración. La vulnerabilidad podría permitir que un atacante con privilegios de administrador lea información confidencial. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2122 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-28168
https://notcve.org/view.php?id=CVE-2022-28168
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. En Brocade SANnav versiones anteriores a Brocade SANnav versión 2.2.0.2 y Brocade SANnav versión 2.1.1.8, las contraseñas codificadas del servidor scp son almacenadas usando codificación Base64, lo que podría permitir a un atacante capaz de acceder a los archivos de registro descifrar fácilmente las contraseñas • https://security.netapp.com/advisory/ntap-20220627-0003 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1979 • CWE-922: Insecure Storage of Sensitive Information •