Every CVE whose affected-product data names Broadcom Sannav, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2022-28163 — CVSS 9.8 (critical): In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection…
CVE-2020-15377 — CVSS 9.8 (critical): Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration…
CVE-2022-28165 — CVSS 8.8 (high): A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated…
CVE-2020-15381 — CVSS 7.5 (high): Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication…
CVE-2022-28168 — CVSS 7.5 (high): In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding…
CVE-2022-28166 — CVSS 7.5 (high): In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of…
CVE-2025-12774 — CVSS 7.5 (high): A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav…
CVE-2022-2068 — CVSS 7.3 (high): In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not…
CVE-2022-28164 — CVSS 6.5 (medium): Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could…
CVE-2022-28167 — CVSS 6.5 (medium): Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in…
CVE-2025-12679 — CVSS 6.5 (medium): A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file…
CVE-2025-12773 — CVSS 6.5 (medium): A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav…
CVE-2020-13401 — CVSS 6.0 (medium): An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6…
CVE-2020-15385 — CVSS 5.4 (medium): Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result…
CVE-2020-15378 — CVSS 5.3 (medium): The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network…
CVE-2020-15384 — CVSS 5.3 (medium): Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server…
CVE-2025-12680 — CVSS 4.9 (medium): Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery…
CVE-2025-12772 — CVSS 4.9 (medium): Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade…
CVE-2022-28162 — CVSS 3.3 (low): Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.