BSA-2019-869
21611
28 October 2019
28 October 2019
Closed
Low
6.7
N/A
CVE-2019-16210
Summary Security Advisory ID : BSA-2019-869 Component : SANnav Revision : 1.0
An information exposure vulnerability, in Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. The vulnerability could allow an authenticated local malicious user with access to the support save file to obtain the exposed password to use it in further attacks. The vulnerability could be exploited only if the database service is exposed outside, which requires root level access, to the server where SANnav is installed.
References
CWE-532: Information Exposure through Log Files.
Product Confirmed Non Vulnerable
No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | October 28, 2019 |