Vulnerabilites related to Brocade Communications Systems, Inc. - Brocade SANnav
cve-2019-16210
Vulnerability from cvelistv5
Published
2019-11-08 17:05
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-869 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brocade Communications Systems, Inc. | Brocade SANnav |
Version: versions before v2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade SANnav",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "versions before v2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-08T17:05:38",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2019-16210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade SANnav",
"version": {
"version_data": [
{
"version_value": "versions before v2.0"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-869",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2019-16210",
"datePublished": "2019-11-08T17:05:38",
"dateReserved": "2019-09-10T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16206
Vulnerability from cvelistv5
Published
2019-11-08 17:18
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-865 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brocade Communications Systems, Inc. | Brocade SANnav |
Version: versions before v2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade SANnav",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "versions before v2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the \u2018trace\u2019 and the \u0027debug\u0027 logging level; which could allow a local authenticated attacker to access sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-08T17:18:31",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-865"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2019-16206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade SANnav",
"version": {
"version_data": [
{
"version_value": "versions before v2.0"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the \u2018trace\u2019 and the \u0027debug\u0027 logging level; which could allow a local authenticated attacker to access sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-865",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-865"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2019-16206",
"datePublished": "2019-11-08T17:18:31",
"dateReserved": "2019-09-10T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16205
Vulnerability from cvelistv5
Published
2019-11-08 17:17
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-864 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brocade Communications Systems, Inc. | Brocade SANnav |
Version: versions before v2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-864"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade SANnav",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "versions before v2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-08T17:20:08",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-864"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2019-16205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade SANnav",
"version": {
"version_data": [
{
"version_value": "versions before v2.0"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-864",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-864"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2019-16205",
"datePublished": "2019-11-08T17:17:16",
"dateReserved": "2019-09-10T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16209
Vulnerability from cvelistv5
Published
2019-11-08 17:19
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-868 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brocade Communications Systems, Inc. | Brocade SANnav |
Version: versions before v2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade SANnav",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "versions before v2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Certificate Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-08T17:19:12",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2019-16209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade SANnav",
"version": {
"version_data": [
{
"version_value": "versions before v2.0"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-868",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2019-16209",
"datePublished": "2019-11-08T17:19:12",
"dateReserved": "2019-09-10T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16207
Vulnerability from cvelistv5
Published
2019-11-08 17:02
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-866 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brocade Communications Systems, Inc. | Brocade SANnav |
Version: versions before v2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade SANnav",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "versions before v2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-08T17:02:32",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2019-16207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade SANnav",
"version": {
"version_data": [
{
"version_value": "versions before v2.0"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-866",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2019-16207",
"datePublished": "2019-11-08T17:02:32",
"dateReserved": "2019-09-10T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16208
Vulnerability from cvelistv5
Published
2019-11-08 17:03
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-867 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brocade Communications Systems, Inc. | Brocade SANnav |
Version: versions before v2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade SANnav",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "versions before v2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-08T17:03:39",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-867"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2019-16208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade SANnav",
"version": {
"version_data": [
{
"version_value": "versions before v2.0"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-867",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-867"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2019-16208",
"datePublished": "2019-11-08T17:03:39",
"dateReserved": "2019-09-10T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}