CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43936 – Brocade Fabric OS switch passwords when debugging is enabled
https://notcve.org/view.php?id=CVE-2022-43936
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21218 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43933 – configuration secrets are logged in support-save
https://notcve.org/view.php?id=CVE-2022-43933
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21221 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4173 – SANnav versions exposes Kafka in the wan interface.
https://notcve.org/view.php?id=CVE-2024-4173
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. Una vulnerabilidad en las versiones ova de Brocade SANnav anteriores a Brocade SANnav v2.3.1 y v2.3.0a expone a Kafka en la interfaz wan. La vulnerabilidad podría permitir que un atacante no autenticado realice varios ataques, incluido DOS, el dispositivo Brocade SANnav. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23285 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28161
https://notcve.org/view.php?id=CVE-2022-28161
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. Una vulnerabilidad de exposición de información a través de archivos de registro en Brocade SANNav versiones anteriores a Brocade SANnav 2.2.0, podría permitir a un atacante local autenticado visualizar información confidencial como las contraseñas ssh en filetansfer.log en modo de depuración. Para explotar esta vulnerabilidad, el atacante necesitaría tener credenciales de usuario válidas y habilitar el modo de depuración • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1840 • CWE-532: Insertion of Sensitive Information into Log File •