Skip to main content

Sannav CVE-2025-12773

MEDIUM
Error Message Information Leak (CWE-209)
2026-02-03 sirt@brocade.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 03, 2026 - 01:15 nvd
MEDIUM 6.5

DescriptionCVE.org

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.

AnalysisAI

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. [CVSS 6.5 MEDIUM]

Technical ContextAI

Classified as CWE-209 (Error Message Information Leak). Affects Sannav. A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

More in Sannav

View all
CVE-2022-28163 CRITICAL
9.8 May 06

In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL

CVE-2022-28165 HIGH
8.8 May 06

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an

CVE-2025-12774 HIGH
7.5 Feb 03

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries

CVE-2022-28168 HIGH
7.5 Jun 27

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored usin

CVE-2022-28166 HIGH
7.5 Jun 27

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Sup

CVE-2022-2068 HIGH
7.3 Jun 21

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehas

CVE-2025-12679 MEDIUM
6.5 Feb 02

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the syst

CVE-2022-28167 MEDIUM
6.5 Jun 27

Brocade SANnav before Brocade SANvav v. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, lo

CVE-2022-28164 MEDIUM
6.5 May 06

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passw

CVE-2020-13401 MEDIUM
6.0 Jun 02

An issue was discovered in Docker Engine before 19.03.11. Rated medium severity (CVSS 6.0), this vulnerability is remote

CVE-2022-28161 MEDIUM
5.5 May 09

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allo

CVE-2025-12772 MEDIUM
4.9 Feb 02

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM

Share

CVE-2025-12773 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy