CVE-2022-23305 — CVSS 9.8 (critical): By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are…
CVE-2024-3596 — CVSS 9.0 (critical): RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept…
CVE-2019-16212 — CVSS 8.8 (high): A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The…
CVE-2022-23302 — CVSS 8.8 (high): JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j…
CVE-2019-16205 — CVSS 8.8 (high): A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability…
CVE-2024-29959 — CVSS 8.6 (high): A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav…
CVE-2024-4161 — CVSS 8.6 (high): In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker…
CVE-2024-29961 — CVSS 8.2 (high): A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the…
CVE-2023-31424 — CVSS 8.1 (high): Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and…
CVE-2019-16207 — CVSS 7.8 (high): Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end…
CVE-2024-2860 — CVSS 7.8 (high): The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker…
CVE-2024-29968 — CVSS 7.7 (high): An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in…
CVE-2024-4173 — CVSS 7.6 (high): A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform…
CVE-2024-29966 — CVSS 7.5 (high): Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root…
CVE-2019-16208 — CVSS 7.5 (high): Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may…
CVE-2020-15379 — CVSS 7.5 (high): Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the…
CVE-2024-29950 — CVSS 7.5 (high): The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The…
CVE-2024-29957 — CVSS 7.5 (high): When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log…
CVE-2024-29958 — CVSS 7.5 (high): A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the…
CVE-2024-29969 — CVSS 7.5 (high): When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code…
CVE-2019-16209 — CVSS 7.4 (high): A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a…
CVE-2020-15387 — CVSS 7.4 (high): The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1…
CVE-2020-15382 — CVSS 7.2 (high): Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not…
CVE-2024-2240 — CVSS 7.2 (high): Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker…
CVE-2024-29960 — CVSS 6.8 (medium): In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is…
CVE-2024-29965 — CVSS 6.8 (medium): In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface…
CVE-2024-2859 — CVSS 6.8 (medium): By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a…
CVE-2022-43936 — CVSS 6.8 (medium): Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled.
CVE-2024-29956 — CVSS 6.5 (medium): A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a…
CVE-2022-43934 — CVSS 6.5 (medium): Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and…
CVE-2022-43937 — CVSS 5.7 (medium): Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging…
CVE-2023-31423 — CVSS 5.7 (medium): Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking…
CVE-2024-29951 — CVSS 5.7 (medium): Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.
CVE-2024-29964 — CVSS 5.7 (medium): Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who…
CVE-2022-33187 — CVSS 5.5 (medium): Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with…
CVE-2024-10404 — CVSS 5.5 (medium): CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an…
CVE-2024-29952 — CVSS 5.5 (medium): A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store…
CVE-2019-16206 — CVSS 5.5 (medium): The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug'…
CVE-2019-16210 — CVSS 5.5 (medium): Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
CVE-2024-29962 — CVSS 5.5 (medium): Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a…
CVE-2023-31925 — CVSS 5.4 (medium): Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these…
CVE-2022-43935 — CVSS 5.3 (medium): An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch…
CVE-2024-10405 — CVSS 5.3 (medium): Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read…
CVE-2024-29955 — CVSS 5.0 (medium): A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL…
CVE-2025-1053 — CVSS 4.9 (medium): Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a…
CVE-2025-4662 — CVSS 4.4 (medium): Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command…
CVE-2025-6390 — CVSS 4.4 (medium): Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under…
CVE-2025-6392 — CVSS 4.4 (medium): Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector…
CVE-2022-43933 — CVSS 4.4 (medium): An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets…
CVE-2024-29967 — CVSS 4.4 (medium): In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount…
CVE-2024-4159 — CVSS 4.3 (medium): Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to…
CVE-2024-29963 — CVSS 1.9 (low): Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to…