RSS   Vulnerabilities for 'Brocade sannav'   RSS

2019-11-08
 
CVE-2019-16210

CWE-532
 

 
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.

 
 
CVE-2019-16209

CWE-295
 

 
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.

 
 
CVE-2019-16208

CWE-327
 

 
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).

 
 
CVE-2019-16207

CWE-798
 

 
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.

 
 
CVE-2019-16206

CWE-532
 

 
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ?trace? and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.

 
 
CVE-2019-16205

CWE-330
 

 
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.

 

 >>> Vendor: Broadcom 23 Products
Bcmwl5.sys wireless device driver
Widcomm bluetooth
Bluetooth stack
Broadcom
Broadcom linux
Bcm4325
Bcm4329
Pipa c211 web interface
Pipa c211
Bcm4339 soc firmware
Hardmac wi-fi soc firmware
Bcm43xx wi-fi chipset firmware
Bcm4355c0 firmware
Ca identity governance
Bcm4335c0 firmware
Bcm43438a1 firmware
Ca client automation
Ca workload automation ae
Brocade sannav
Ca automic dollar universe
Ca automic sysload
Brcmfmac driver
Unified infrastructure management


Copyright 2020, cxsecurity.com

 

Back to Top