cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-28168,https://securityvulnerability.io/vulnerability/CVE-2022-28168,Base64 Password Encoding Vulnerability in Brocade SANnav Products,"Brocade SANnav prior to v2.2.0.2 and v2.1.1.8 suffers from a vulnerability where encoded passwords for the SCP server are stored using Base64 encoding. This flawed encoding mechanism can allow attackers with access to log files to easily decode and retrieve sensitive passwords, posing a serious security risk to network environments relying on Brocade technology.",Broadcom,Brocade Sannav,7.5,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2022-06-27T17:52:02.000Z,0
CVE-2022-28167,https://securityvulnerability.io/vulnerability/CVE-2022-28167,Sensitive Information Exposure in Brocade Fabric OS Switches,"Brocade SANnav versions prior to 2.2.0.2 and 2.1.1.8 log sensitive switch passwords in plain text within the asyncjobscheduler-manager.log file. This exposure can lead to unauthorized access to the network, making it essential for users to update to secure versions to mitigate risks associated with this vulnerability.",Broadcom,Brocade Sannav,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-06-27T17:51:56.000Z,0
CVE-2022-28166,https://securityvulnerability.io/vulnerability/CVE-2022-28166,TLS/SSL Server Vulnerability in Brocade SANnav Software,The Brocade SANnav software is impacted by a vulnerability that allows the use of static key ciphers in the TLS/SSL server implementation on ports 443 and 18082. This configuration poses risks to the encryption integrity and can potentially lead to unauthorized access or data breaches if exploited. Users are urgently advised to upgrade to the latest versions of SANnav to mitigate this vulnerability.,Broadcom,Brocade Sannav,7.5,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2022-06-27T17:51:51.000Z,0
CVE-2022-28162,https://securityvulnerability.io/vulnerability/CVE-2022-28162,Exposure of REST API Authentication Token in Brocade SANnav by Broadcom,"Brocade SANnav versions before 2.2.0 unintentionally store REST API authentication tokens in plain text logs, posing a risk of unauthorized access. This oversight can allow malicious actors to capture sensitive tokens, leading to potential exploitation of the affected systems. Organizations using vulnerable versions should prioritize upgrading to mitigate the risk of sensitive data exposure.",Broadcom,Brocade Sannav,3.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-09T16:31:49.000Z,0
CVE-2022-28165,https://securityvulnerability.io/vulnerability/CVE-2022-28165,RBAC Vulnerability in Brocade SANNav Affects Security Policies,"A security flaw in the role-based access control (RBAC) implementation of Brocade SANNav versions prior to 2.2.0 allows authenticated remote attackers to gain unauthorized access. This vulnerability arises from insufficient server-side permission checks, enabling attackers to manipulate resources and execute actions beyond their intended privileges. Organizations using affected versions should apply necessary updates to mitigate potential exploitation.",Broadcom,Brocade Sannav,8.8,HIGH,0.0022799998987466097,false,,false,false,false,,,false,false,,2022-05-06T16:08:34.000Z,0
CVE-2022-28163,https://securityvulnerability.io/vulnerability/CVE-2022-28163,SQL Injection Vulnerability in Brocade SANnav Management Software,"Brocade SANnav versions prior to 2.2.0 exhibit a vulnerability in zone management endpoints allowing attackers to exploit SQL injection flaws. This could enable unauthorized execution of arbitrary SQL commands, posing a significant risk to database integrity and system security. Users are encouraged to update to the latest version to mitigate these vulnerabilities.",Broadcom,Brocade Sannav,9.8,CRITICAL,0.0013800000306218863,false,,false,false,false,,,false,false,,2022-05-06T16:01:38.000Z,0
CVE-2022-28164,https://securityvulnerability.io/vulnerability/CVE-2022-28164,Weak Encryption in Brocade SANnav Application Exposes Passwords,"The Brocade SANnav application, prior to version 2.2.0, implements the Blowfish symmetric encryption algorithm for storing passwords. This design choice poses a security risk, as an authenticated attacker could potentially employ decryption techniques to access and misuse stored account passwords, compromising the integrity and confidentiality of users' data.",Broadcom,Brocade Sannav,6.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2022-05-06T16:01:05.000Z,0
CVE-2020-15385,https://securityvulnerability.io/vulnerability/CVE-2020-15385,Directory Listing Vulnerability in Brocade SANnav by Broadcom,"The vulnerability in Brocade SANnav prior to version 2.1.1 allows an authenticated attacker to access directories and files that they do not have permission to view. This flaw permits users to enumerate sensitive folders and hidden files, as well as create new directories without authorization, which poses significant risks for data confidentiality and integrity.",Broadcom,Brocade Sannav,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-06-09T15:42:57.000Z,0
CVE-2020-15384,https://securityvulnerability.io/vulnerability/CVE-2020-15384,Information Disclosure Vulnerability in Brocade SANNav by Broadcom,"Brocade SANNav versions before 2.1.1 are susceptible to an information disclosure vulnerability. This flaw allows an attacker to exploit sensitive internal server information revealed in the initial login response header, potentially leading to unauthorized access or information leakage.",Broadcom,Brocade Sannav,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-06-09T15:42:52.000Z,0
CVE-2020-15387,https://securityvulnerability.io/vulnerability/CVE-2020-15387,Insecure SSH Key Length in Brocade Fabric OS and SANnav,"The SSH servers in Brocade Fabric OS prior to version 7.4.2h, 8.2.1c, 8.2.2, 9.0.0, and the Brocade SANnav prior to version 2.1.1 utilize encryption keys that are shorter than the recommended 2048 bits. This weakness may allow attackers to exploit man-in-the-middle attacks, potentially leading to unauthorized access and interception of sensitive data due to insecure SSH communications.",Broadcom,Brocade Sannav & Brocade Fabric Os,7.4,HIGH,0.0012799999676644802,false,,false,false,false,,,false,false,,2021-06-09T15:24:45.000Z,0
CVE-2020-15380,https://securityvulnerability.io/vulnerability/CVE-2020-15380,Account Credential Exposure in Brocade SANnav by Broadcom,"Brocade SANnav versions before 2.1.1 contain a vulnerability where account credentials are logged at the ‘trace’ logging level. This logging practice can lead to the unintended exposure of sensitive account details, putting systems at risk. Proper handling and safeguarding of account information in log files is essential to maintain security and prevent unauthorized access.",Broadcom,Brocade Sannav,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-06-09T15:15:27.000Z,0
CVE-2020-15379,https://securityvulnerability.io/vulnerability/CVE-2020-15379,Denial-of-Service Vulnerability in Brocade SANnav by Broadcom,"Brocade SANnav versions before 2.1.0a contain a vulnerability that may allow remote attackers to initiate a denial-of-service condition. This occurs due to inadequate validation of the length of user-supplied data when naming custom fields, leading to a situation where malformed input can disrupt service availability. Organizations using affected versions should prioritize updating their systems to safeguard against potential attacks. For more details, visit the Broadcom security advisory.",Broadcom,Brocade Sannav,7.5,HIGH,0.001979999942705035,false,,false,false,false,,,false,false,,2021-06-09T15:15:19.000Z,0
CVE-2020-15378,https://securityvulnerability.io/vulnerability/CVE-2020-15378,Network Configuration Vulnerability in Brocade SANnav by Broadcom,"The OVA version of Brocade SANnav prior to version 2.1.1 with IPv6 networking configuration inadvertently exposes Docker container ports to the broader network. This misconfiguration can significantly increase the potential attack surface, creating opportunities for unauthorized access and exploitation by malicious actors. It is essential for organizations using Brocade SANnav to update their software to the latest version to mitigate this risk.",Broadcom,Brocade Sannav,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-06-09T15:15:11.000Z,0
CVE-2020-15377,https://securityvulnerability.io/vulnerability/CVE-2020-15377,Server-Side Request Forgery in Brocade SANnav Vulnerability,"The Webtools component in Brocade SANnav, prior to version 2.1.1, is susceptible to a configuration flaw that permits unauthenticated users to initiate requests to arbitrary hosts. This type of vulnerability, known as Server-Side Request Forgery (SSRF), can lead to potential information exposure and other security risks, as malicious actors can exploit this to interact with unintended servers.",Broadcom,Brocade Sannav,9.8,CRITICAL,0.0024300001095980406,false,,false,false,false,,,false,false,,2021-06-09T15:15:05.000Z,0
CVE-2020-15382,https://securityvulnerability.io/vulnerability/CVE-2020-15382,Weak Password Vulnerability in Brocade SANnav Network Management Software,"Brocade SANnav versions prior to 2.1.1 are affected by a vulnerability that utilizes a hard-coded administrator account with a weak default password of ‘passw0rd’. This occurs when a user does not specify a password for PostgreSQL during installation. Such weak security measures can be exploited, potentially granting unauthorized access to sensitive network configurations. It's crucial for users to upgrade to versions that rectify this flaw and implement robust password policies.",Broadcom,Brocade Sannav,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,,false,false,,2021-06-09T14:32:23.000Z,0
CVE-2020-15381,https://securityvulnerability.io/vulnerability/CVE-2020-15381,Improper Authentication in Brocade SANnav Affects Cleartext Credential Transmission,"Brocade SANnav versions prior to 2.1.1 are susceptible to an improper authentication vulnerability. This issue facilitates the cleartext transmission of authentication credentials used by the jmx server, potentially exposing sensitive information during communication. It highlights the importance of securing authentication mechanisms to protect against unauthorized access and data breaches. Users of affected versions are strongly encouraged to update to the latest version to mitigate this security risk.",Broadcom,Brocade Sannav,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-06-09T14:32:17.000Z,0
CVE-2019-16211,https://securityvulnerability.io/vulnerability/CVE-2019-16211,Plaintext Password Storage Vulnerability in Brocade SANnav,"Brocade SANnav prior to version 2.1.0 is susceptible to a vulnerability that allows for storing passwords in plaintext. This practice poses significant security risks, as unauthorized users may gain access to sensitive information. It is crucial for users to upgrade to the latest version to mitigate these security concerns, ensuring that passwords are stored securely and enhancing overall data protection measures.",Broadcom,Brocade Sannav,9.8,CRITICAL,0.0024300001095980406,false,,false,false,false,,,false,false,,2020-09-25T13:08:13.000Z,0
CVE-2019-16212,https://securityvulnerability.io/vulnerability/CVE-2019-16212,Vulnerability in Brocade SANnav Leading to LDAP Injection Risk,"A vulnerability in Brocade SANnav prior to version 2.1.0 permits a remote authenticated attacker to perform LDAP injection, potentially allowing them to bypass authentication processes. This flaw could lead to unauthorized access to sensitive features or data within the network management system, posing significant security risks.",Broadcom,Brocade Sannav,8.8,HIGH,0.0020000000949949026,false,,false,false,false,,,false,false,,2020-09-25T13:07:20.000Z,0