15 results (0.013 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. La interfaz web Brocade SANnav v2.3.0 y v2.2.2a permite a usuarios remotos no autenticados eludir la autenticación y autorización web. • https://security.netapp.com/advisory/ntap-20240229-0004 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22507 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs. Posible exposición de información a través de la vulnerabilidad del archivo de registro donde se guardan campos sensibles en el registro de configuración sin enmascarar en Brocade SANnav antes de v2.3.0 y 2.2.2a. Notas: Para acceder a los registros, el atacante local debe tener acceso a una salida "supportsave" de Brocade SANnav ya recopilada. • https://security.netapp.com/advisory/ntap-20240229-0003 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22508 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. Brocade SANnav antes de v2.3.0 y v2.2.2a almacena las contraseñas de autenticación SNMPv3 en texto plano. Un usuario con privilegios podría recuperar estas credenciales con conocimiento y acceso a estos archivos de registro. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. Brocade SANnav anterior a v2.2.1 registra nombres de usuarios y contraseñas codificadas en registros habilitados para depuración. La vulnerabilidad podría permitir que un atacante con privilegios de administrador lea información confidencial. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2122 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.4EPSS: 0%CPEs: 13EXPL: 0

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. Los servidores SSH del host de Brocade Fabric OS versiones anteriores a v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, y Brocade SANnav versiones anteriores a v2.1.1, utilizan claves de menos de 2048 bits, que pueden ser vulnerables a ataques de tipo man-in-the-middle y/o a comunicaciones SSH no seguras • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291 • CWE-326: Inadequate Encryption Strength •