Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
brocade

Brocade SANnav

12 Versions 25 CVEs

Versions

before SANnav v2.3.0a

OTHER 1 CVE

versions before Brocade SANnav v2.3.1, v2.3.0a

OTHER 1 CVE

before v2.3.1 and v2.3.0a

OTHER 11 CVEs

before Brocade SANnav v2.31 and v2.3.0a

OTHER 1 CVE

Brocade SANnav before v2.3.0 and v2.2.2a

OTHER 1 CVE

before v2.3.0

OTHER 1 CVE

before v2.3.1, and v2.3.0a

OTHER 3 CVEs

before v2.3.0a

OTHER 2 CVEs

All Versions

OTHER 1 CVE

v2.3.0

OTHER 1 CVE

Brocade SANnav versions before v2.2.1

OTHER 1 CVE

before v2.3.1, v2.3.0a

OTHER 1 CVE

Recent CVEs

CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.

HIGH May 08, 2024

CVE-2024-2859

By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.

MEDIUM Apr 27, 2024

CVE-2024-4173

A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.

HIGH Apr 25, 2024

CVE-2024-4161

In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information.

HIGH Apr 25, 2024

CVE-2024-4159

Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.

MEDIUM Apr 25, 2024

CVE-2024-29969

When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.

HIGH Apr 19, 2024

CVE-2024-29964

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

MEDIUM Apr 19, 2024

CVE-2024-29960

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.

MEDIUM Apr 19, 2024

CVE-2024-29955

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

MEDIUM Apr 17, 2024

CVE-2024-29951

Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.

MEDIUM Apr 17, 2024