CVE-2020-15384
https://notcve.org/view.php?id=CVE-2020-15384
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header. Brocade SANNav versiones anteriores a 2.1.1, contiene una vulnerabilidad de divulgación de información. Una explotación con éxito de la información interna del servidor en la encabezado de respuesta de inicio de sesión • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1485 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-15387
https://notcve.org/view.php?id=CVE-2020-15387
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. Los servidores SSH del host de Brocade Fabric OS versiones anteriores a v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, y Brocade SANnav versiones anteriores a v2.1.1, utilizan claves de menos de 2048 bits, que pueden ser vulnerables a ataques de tipo man-in-the-middle y/o a comunicaciones SSH no seguras • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291 • CWE-326: Inadequate Encryption Strength •
CVE-2020-15380
https://notcve.org/view.php?id=CVE-2020-15380
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. Brocade SANNav versiones anteriores a 2.1.1, registra las credenciales de la cuenta en el nivel de registro "trace" • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1482 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2020-15379
https://notcve.org/view.php?id=CVE-2020-15379
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. Brocade SANnav versiones anteriores a 2.1.0a, podía permitir a atacantes remotos causar una condición de denegación de servicio debido a una falta de comprobación apropiada, de la longitud de los datos suministrados por el usuario como como el nombre del campo personalizado • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1319 • CWE-20: Improper Input Validation •
CVE-2020-15378
https://notcve.org/view.php?id=CVE-2020-15378
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. La versión OVA de Brocade SANNav versiones anteriores a 2.1.1, de instalación con red IPv6 expone los puertos del contenedor Docker a la red, incrementando la superficie de ataque potencial • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1481 •