CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15377
https://notcve.org/view.php?id=CVE-2020-15377
09 Jun 2021 — Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). Las herramientas web de Brocade SANNav versiones anteriores a 2.1.1, permiten a usuarios no autenticados realizar peticiones a hosts arbitrarios debido a una configuración errónea; esto se conoce comúnmente como vulnerabilidad de tipo Server-Side Request Forgery (SSRF) • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1480 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15382
https://notcve.org/view.php?id=CVE-2020-15382
09 Jun 2021 — Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. Brocade SANnav versiones anteriores a 2.1.1, usa una cuenta de administrador codificada con la contraseña débil "passw0rd" si no es proporcionado una contraseña para PostgreSQL en el momento de la instalación • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1484 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15381
https://notcve.org/view.php?id=CVE-2020-15381
09 Jun 2021 — Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. Brocade SANnav versiones anteriores a 2.1.1, contiene una vulnerabilidad de Autenticación Inapropiada que permite la transmisión de texto sin cifrar de las credenciales de autenticación del servidor jmx • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1483 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16211
https://notcve.org/view.php?id=CVE-2019-16211
25 Sep 2020 — Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability. Brocade SANnav versiones anteriores a v2.1.0, contienen una vulnerabilidad de almacenamiento de contraseña de texto plano • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1076 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16212
https://notcve.org/view.php?id=CVE-2019-16212
25 Sep 2020 — A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process. Una vulnerabilidad en Brocade SANnav versiones anteriores a v2.1.0, podría permitir a un atacante autenticado remoto llevar a cabo una inyección del LDAP. La vulnerabilidad podría permitir a un atacante remoto omitir el proceso de autenticación • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1074 •
CVSS: 6.0EPSS: 13%CPEs: 5EXPL: 1CVE-2020-13401 – Debian Security Advisory 4716-1
https://notcve.org/view.php?id=CVE-2020-13401
02 Jun 2020 — An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. Se detectó un problema en Docker Engine versiones anteriores a 19.03.11. Un atacante en un contenedor, con la capacidad CAP_NET_RAW, puede diseñar anuncios de router IPv6, y en consecuencia falsificar hosts IPv6 externos, obtener información confidenc... • https://github.com/arax-zaeimi/Docker-Container-CVE-2020-13401 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16209
https://notcve.org/view.php?id=CVE-2019-16209
08 Nov 2019 — A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. Una vulnerabilidad, en la clase The ReportsTrustManager de Brocade SANnav versiones anteriores a v2.0, podría permitir a un atacante realizar un ataque man-in-the-middle contra conexiones Secure Sockets Layer (SSL). • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-868 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16206
https://notcve.org/view.php?id=CVE-2019-16206
08 Nov 2019 — The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information. El mecanismo de autenticación, en las versiones de Brocade SANnav anteriores a la versión v2.0, registra las credenciales de la cuenta de texto sin formato en el nivel de registro de "rastreo" y "depuración"; lo que podría permitir que un atacante autenticado local acceda a info... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-865 • CWE-311: Missing Encryption of Sensitive Data CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16205
https://notcve.org/view.php?id=CVE-2019-16205
08 Nov 2019 — A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. Una vulnerabilidad, en Brocade SANnav versiones anteriores a v2.0, podría permitir a atacantes remotos forzar mediante fuerza bruta un ID de sesión válido. La vulnerabilidad es debido a un ID de sesión insuficientemente aleatorio para varias acciones posteriores a ... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-864 • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16210
https://notcve.org/view.php?id=CVE-2019-16210
08 Nov 2019 — Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. Brocade SANnav versiones anteriores a v2.0, registra una contraseña de conexión de base de datos de texto plano mientras activa el guardado de soporte. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-869 • CWE-311: Missing Encryption of Sensitive Data CWE-532: Insertion of Sensitive Information into Log File •