Brocade SANnav
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
CVE-2025-6390 is a security vulnerability (CVSS 4.4). Remediation should follow standard vulnerability management procedures.
CVE-2025-4662 is a security vulnerability (CVSS 4.4). Remediation should follow standard vulnerability management procedures.
Brocade SANnav OVA before SANnav 2.3.1b enables the deprecated SHA1 setting for SSH on port 22. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.
Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.
Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
Under certain error conditions at the time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. Rated high severity (CVSS 8.6), this vulnerability requires no authentication. No vendor patch available.
CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.