
CVSS: 10.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

31 Aug 2023 — Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. • https://security.netapp.com/advisory/ntap-20240229-0004 • CWE-290: Authentication Bypass by Spoofing

CVSS: 5.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

31 Aug 2023 — Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to already collected Brocade SANnav "supportsave" outputs. • https://security.netapp.com/advisory/ntap-20240229-0003 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

31 Aug 2023 — Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Dec 2022 — Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2122 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

27 Jun 2022 — In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav 2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. • https://security.netapp.com/advisory/ntap-20220627-0003 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

27 Jun 2022 — Brocade SANnav before Brocade SANnav v. 2.2.0.2 and Brocade SANnav v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log • https://security.netapp.com/advisory/ntap-20220627-0002 • CWE-522: Insufficiently Protected Credentials

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

27 Jun 2022 — In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. • https://security.netapp.com/advisory/ntap-20220627-0001 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 10.0 | EPSS: 71% | CPEs: 50 | EXPL: 1

21 Jun 2022 — In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where... • https://packetstorm.news/files/id/182466 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 3.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 May 2022 — Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1841 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 May 2022 — A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844