The Postgres implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw (CVE-2024-2860)

Brocade SANnav

0 more products

24260

21 May 2024

08 May 2024

CLOSED

HIGH

7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2024-2860

Brocade Security Advisory ID

BSA-2024-2580

Component

PostgreSQL

 

 

Summary

The Postgres implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw.  An attacker with access to the VM where the Brocade SANnav is installed can gain access to sensitive data inside the Postgres
database.

Products Affected

Brocade SANnav before Brocade SANnav v2.3.0a

Solution

The security update is provided in Brocade SANnav v2.3.0a, v2.3.1a, and later releases.

Credit

Pierre Barre reported the issue to Brocade.

Revision History

Version

Change

Date

1.0

Initial Publication

5/21/2024

 

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.