CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28163
https://notcve.org/view.php?id=CVE-2022-28163
06 May 2022 — In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. En Brocade SANnav versiones anteriores a Brocade SANnav versión 2.2.0, varios endpoints asociados a la administración de zonas son susceptibles de inyección SQL, lo que permite a un atacante ejecutar comandos SQL arbitrarios • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1842 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28164
https://notcve.org/view.php?id=CVE-2022-28164
06 May 2022 — Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. La aplicación Brocade SANnav versiones anteriores a SANnav versión 2.2.0, usa el algoritmo de cifrado simétrico Blowfish para el almacenamiento de contraseñas. Esto podría permitir a un atacante autentificado descifrar las contraseñas de las cuentas almacenadas • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1843 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 15%CPEs: 42EXPL: 3CVE-2022-23305 – SQL injection in JDBC Appender in Apache Log4j V1
https://notcve.org/view.php?id=CVE-2022-23305
18 Jan 2022 — By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not... • https://github.com/HynekPetrak/log4shell-finder • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2022-23302 – Deserialization of untrusted data in JMSSink in Apache Log4j 1.x
https://notcve.org/view.php?id=CVE-2022-23302
18 Jan 2022 — JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which i... • http://www.openwall.com/lists/oss-security/2022/01/18/3 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15385
https://notcve.org/view.php?id=CVE-2020-15385
09 Jun 2021 — Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission. Brocade SANNav versiones anteriores a 2.1.1, permite a un atacante autenticado listar directorios, y listar archivos sin permiso. Como resultado, los usuarios sin permiso pueden visualizar carpetas y archivos ocultos, y pueden crear directorios sin permiso • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1486 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15384
https://notcve.org/view.php?id=CVE-2020-15384
09 Jun 2021 — Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header. Brocade SANNav versiones anteriores a 2.1.1, contiene una vulnerabilidad de divulgación de información. Una explotación con éxito de la información interna del servidor en la encabezado de respuesta de inicio de sesión • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1485 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.4EPSS: 0%CPEs: 13EXPL: 0CVE-2020-15387
https://notcve.org/view.php?id=CVE-2020-15387
09 Jun 2021 — The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. Los servidores SSH del host de Brocade Fabric OS versiones anteriores a v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, y Brocade SANnav versiones anteriores a v2.1.1, utilizan claves de menos de 2048 bits, que pueden ser vulnerables a ataques de tipo man-in-the-mid... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15380
https://notcve.org/view.php?id=CVE-2020-15380
09 Jun 2021 — Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. Brocade SANNav versiones anteriores a 2.1.1, registra las credenciales de la cuenta en el nivel de registro "trace" • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1482 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15379
https://notcve.org/view.php?id=CVE-2020-15379
09 Jun 2021 — Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. Brocade SANnav versiones anteriores a 2.1.0a, podía permitir a atacantes remotos causar una condición de denegación de servicio debido a una falta de comprobación apropiada, de la longitud de los datos suministrados por el usuario como como el nombre del campo personalizado • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1319 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15378
https://notcve.org/view.php?id=CVE-2020-15378
09 Jun 2021 — The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. La versión OVA de Brocade SANNav versiones anteriores a 2.1.1, de instalación con red IPv6 expone los puertos del contenedor Docker a la red, incrementando la superficie de ataque potencial • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1481 •