Brocade SANnav Vulnerability Disclosures
Brocade Security Advisories posted on January 27, 2026
CVEs addressed in SANnav v3.0.0 and v2.4.0b
CVE-2025-12680
SANnav DataBase password in plain text is logged in failover logs
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36844
CVE-2025-12679
Plain text pbe key visible in audit log during migration from 2.4.0a to 3.0.0
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36845
CVE-2025-12772
Plaintext Switch admin login password is seen in Brocade SANnav support save 3.0.0
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36846
CVE-2025-12773
Plain password is logged in the audit logs while executing 'update-reports-purge-settings.sh' script
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36847
CVE-2025-21991
Nessus detected vulnerability in the Brocade SANnav OVA base image (CVE-2025-21991)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36804
CVE-2024-3661, CVE-2024-11187, CVE-2024-12797
Rocky Linux Updates applied to SANnav
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36805
CVE-2025-26465
Vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36806
CVE-2025-32728
The DisableForwarding directive does not fully adhere to the intended functionality as documented
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36639
CVE-2025-4207
PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36807
CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36808
CVE-2025-8713, CVE-2025-8714, CVE-2025-8715
Postgres vulnerabilities (CVE-2025-8713, CVE-2025-8714, CVE-2025-8715)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36809
CVE-2023-25194, CVE-2025-27819, CVE-2025-27818, CVE-2022-34917, CVE-2024-31141, CVE-2024-56128
Multiple Vulnerabilities in Apache Kafka
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36810
CVE-2024-9143
Low-level invalid GF(2^m) parameters lead to OOB memory access
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36811
CVE-2025-23165, CVE-2025-23166, CVE-2025-23167
Multiple Vulnerabilities in Node.js (Wednesday, May 14, 2025 Security Releases). Nessus Plugin ID 236766
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36812
CVE-2025-50059, CVE-2025-30749, CVE-2025-50106, CVE-2025-23166, CVE-2025-30754
Oracle Java SE Updates (July 2025)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36813
CVEs addressed in SANnav v3.0.0
CVE-2025-12774
SQL queries with sensitive information printed in logs
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36848
CVE-2024-38808, CVE-2024-38809 and CVE-2024-22262
Spring Framework DoS (CVE-2024-38808, CVE-2024-38809 and CVE-2024-22262)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36814
CVE-2024-24549
DoS due to improper input validation vulnerability in Apache Tomcat
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36815
CVE-2025-4947, CVE-2025-5025
Curl vulnerabilities detected in SANnav images (CVE-2025-4947, CVE-2025-5025)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36816
=======================================
Brocade Security Advisories posted on October 14, 2025
CVE addressed in SANnav v2.4.0a
CVE-2024-12243
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36219
=======================================
Brocade Security Advisories posted on July 8, 2025
CVE addressed in SANnav v2.4.0a
CVE-2025-4662
Plaintext security passwords are logged in the audit logs while executing openssl cmd
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35908
CVE-2025-6390
Cleartext storage of sensitive information in Brocade SANnav server audit logs
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35909
CVE-2025-6392
Daily Data Dump Collector logs database password in cleartext when running docker exec commands
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35910
Multiple Rocky Linux updates applied to Brocade SANnav OVA 2.4.0a
OVA base image related vulnerabilities
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35918
CVE-2025-0395
GNU Glibc Vulnerable to Memory Corruption via Heap Buffer Overflow during 'assert()' Failure
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35919
CVE-2025-23083, CVE-2024-54534, CVE-2024-47606, CVE-2025-21587, CVE-2025-30698, CVE-2025-30691
Oracle Java SE Multiple Vulnerabilities (April 2025)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35911
CVE-2025-0509, CVE-2025-21502
Oracle Java SE Multiple Vulnerabilities (January 2025)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35912
CVE-2024-36138, CVE-2023-42950, CVE-2024-25062, CVE-2024-21235, CVE-2024-21210, CVE-2024-21211, CVE-2024-21208, CVE-2024-21217
Oracle Java SE Multiple Vulnerabilities (October 2025)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35913
CVE-2025-0509, CVE-2025-21502
Azul Zulu Java Multiple Vulnerabilities (January 2025)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35914
CVE-2024-36138, CVE-2023-42950, CVE-2024-25062, CVE-2024-21235, CVE-2024-21210, CVE-2024-21211, CVE-2024-21208, CVE-2024-21217
Azul Zulu Java Multiple Vulnerabilities (October 2025)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35915
CVE-2025-1094, CVE-2024-10979, CVE-2024-10978, CVE-2024-10977, CVE-2024-10976, CVE-2024-7348, CVE-2024-1597
Multiple vulnerabilities detected in PostgreSQL
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35916
CVE-2024-47561
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35917
CVE addressed in SANnav v2.4.0a and v2.3.1b
CVE-2022-48687
Linux Kernel IPv6 Segment Routing Vulnerable to Out-of-Bounds Read via Crafted Netlink Message in SRv6 Layer
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35920
=======================================
Brocade Security Advisories posted on February 27, 2025
CVEs addressed in SANnav v2.3.1b and v2.4.0
CVE-2024-32487
less Vulnerable to Arbitrary Code Execution via OS Command Execution via newline Character in Filename
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25432
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent
(PSIRT Risk: Low for SANnav)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25430
=======================================
Brocade Security Advisories posted on February 13, 2025
CVEs addressed in SANnav v2.3.1b and v2.4.0
ROCKY LINUX Upgrade for RLSA-2024:5530, RLSA-2024:5101, RLSA-2024:4583, RLSA-2024:3501, RLSA-2024:3513, RLSA-2024:3619, RLSA-2024:4349, RLSA-2024:4078, RLSA-2024:2758, RLSA-2024:2758
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25398
CVE-2025-1053
Encryption key is logged in the debug logs
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25399
CVE-2024-4282
Weak TLS Ciphers on Brocade OVA SSH port 22
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25400
CVE-2024-2240
Docker implementation in Brocade SANnav is missing audit rules
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25401
CVE-2024-10405
Weak TLS Ciphers on port 443 and 18082
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25402
CVE-2024-10404
Clear text password seen in switch-asset-collectors-mw for supportsave
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25403
CVE-2024-4317
PostgreSQL Vulnerable to Privilege Escalation via Improper Checks in 'pg_stats_ext' and 'pg_stats_ext_exprs' Functions
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25404
CVE-2024-2398, CVE-2024-2466, CVE-2024-2004, CVE-2024-0853
Multiple CURL vulnerabilities in Brocade SANnav OVA deployments before SANnav 2.3.1b
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25405
CVE-2024-0985
PostgreSQL Vulnerable to Privileged Execution of Arbitrary SQL due to Late Privilege Drop in 'REFRESH MATERIALIZED VIEW CONCURRENTLY'
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25406
CVE-2023-5870
PostgreSQL Vulnerable to Denial-of-Service (DoS) in 'pg_signal_backend()'
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25407
CVE-2022-38178
ISC BIND 9 Vulnerable to Denial-of-Service (DoS) via Memory Leaks in EdDSA DNSSEC Verification
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25408
AZUL Zulu Java -- July 2024 Update
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25409
Oracle Critical Patch Update Advisory -- July 2024
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25410
CVE-2024-25710, CVE-2024-26308
Apache Commons Vulnerabilities
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25411
CVE-2024-1597
PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25412
CVE-2023-34455
snappy-java Vulnerable to Denial-of-Service (DoS) due to Improper Input Validation in File 'SnappyInputStream.java'
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25413
CVE-2022-48174
Stack overflow vulnerability in ash.c:6030 in busybox before 1.35 can be executed from command to arbitrary code execution.
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25414
CVE-2022-28391
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25415
=======================================
Previously Disclosed Security Advisories
Rocky Linux OVA updates: kernel (RLSA-2024:8856) expat (RLSA-2024:9502, RLSA-2024-6989) bzip2 (RLSA-2024:8922) krb5 (RLSA-2024:8860) and python3 (RLSA-2024:6975)
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25416
CVE-2024-29018
By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25073
CVE-2024-26923
Linux Kernel Vulnerable to Dangling Pointer via Garbage Collector Racing Against Connect() in AF_UNIX Module
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35818
CVE-2023-0394
Linux Kernel Vulnerable to Denial-of-Service (DoS) via NULL Pointer Dereference in 'rawv6_push_pending_frames()' Function in 'raw.c' File
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35817
CVE-2022-48624
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE
(PSIRT Risk for SANnav: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24994
CVE-2024-6387
Remote Unauthorized Code Execution Vulnerability in openSSH server (regreSSHion)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24691
CVE-2022-2068
openssl file names of certificates being hashed were possibly passed to a command executed through the shell
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22396
CVE-2024-2860
The Postgres implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24260
CVE-2023-51385
OpenSSH is vulnerable to an OS command injection issue due to how user name and host name values are processed and referenced by expansion tokens.
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25238
CVE-2023-42795
Apache Tomcat - Information disclosure
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25158
CVE-2023-5869
Buffer overrun from integer overflow in array modification
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25092
CVE-2023-5868
PostgreSQL Memory disclosure in aggregate function calls
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25093
CVE-2024-20952, CVE-2024-20945, CVE-2024-20926, CVE-2024-20921, CVE-2024-20919, CVE-2024-20918
Oracle Critical Patch Update Advisory - January 2024
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25160
CVE-2023-22025, CVE-2023-22067, CVE-2023-22081
Azul Zulu Java Multiple Vulnerabilities (2023-10-17)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25159
CVE-2024-23653, CVE-2024-21626
Container vulnerabilities in Brocade SANnav docker containers
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25074
CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24987
CVE-2024-29969
TLS/SSL weak message authentication code ciphers are added by default for port 18082
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23251
CVE-2024-29968
SQL Table names, column names, and SQL queries are collected in DR standby Supportsave
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23253
CVE-2024-29966
hard-coded credential in the documentation that appear as the root password
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23255
CVE-2024-29961
Ping at regular intervals
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23246
CVE-2024-29959
Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node support save
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23243
CVE-2024-29958
Encryption key in the console
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23242
CVE-2024-29957
The encryption key is stored in the DR log files
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23241
CVE-2023-39417
Extension script @substitutions@ within quoting allow SQL injection
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23259
CVE-2024-29965
A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23250
CVE-2024-29964
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249
CVE-2024-29962
Insecure file permission setting that makes files world-readable
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23248
CVE-2024-29960
Identical SSH keys utilized inside the OVA image
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23244
CVE-2024-29956
cleartext password in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23240
CVE-2024-29955
SANnav encrypted key in PostgreSQL startup logs
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23239
CVE-2024-29952
plaintext passwords storage in logs by manipulating command variables
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23238
CVE-2024-29951
SHA-1 hash in internal SSH ports that are not open to remote connection
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23237
CVE-2024-29950
The class FileTransfer implemented uses the ssh-rsa signature scheme
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23236
CVE-2024-4159
SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23282
CVE-2023-34478
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23256
CVE-2023-39410
Apache Avro Java SDK vulnerable to Improper Input Validation
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23262
CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22043, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049
Azul Zulu Java Multiple Vulnerabilities (July 2023 update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23263
CVE-2023-22041, CVE-2023-25193, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006
Oracle Java SE Multiple Vulnerabilities (July 2023 CPU)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23260
CVE-2023-20863
Spring Expression DoS Vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23257
CVE-2023-20861
Spring Expression DoS Vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23261
CVE-2024-29967
Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23254
CVE-2024-29963
Hardcoded TLS keys used by Docker
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23247
CVE-2024-4161
Syslog traffic sent in clear-text
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23284
CVE-2023-31424
Web authentication and authorization bypass
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22507
CVE-2024-2859
By default, SANnav OVA is shipped with root user login enabled
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23245
CVE-2023-31925
Storage of clear text password in Brocade SANnav
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22506
CVE-2023-31423
Possible information exposure through log file vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22508
CVE-2023-21830, CVE-2023-21835, CVE-2023-21843
Oracle Java SE Multiple Vulnerabilities (Jan 2023 CPU update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22454
CVE-2022-43937
Sensitive fields are recorded in the debug-enabled logs
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22509
CVE-2022-41946
Vulnerable postgresql component found in SANnav RPM package
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22502
CVE-2022-40664
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22449
CVE-2022-25647
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22450
CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399
Azul Zulu Java Multiple Vulnerabilities (Oct 2022 update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22461
CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169
Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22463
CVE-2022-2625
PostgreSQL vulnerability in SANnav 2.2.0.2
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22465
CVE-2016-1000027
Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22456
CVE-2022-33980
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22448
CVE-2022-22950
Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22503
CVE-2022-21449, CVE-2022-21476, CVE-2022-21426
Oracle Java SE Multiple Vulnerabilities (Apr 2022 CPU update)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22462
CVE-2022-21248 CVE-2022-21277 CVE-2022-21366 CVE-2022-21282 CVE-2022-21296 CVE-2022-21283 CVE-2022-21291 CVE-2022-21305 CVE-2022-21293 CVE-2022-21294 CVE-2022-21340 CVE-2022-21299 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365
Azul Zulu Java Multiple Vulnerabilities (Jan 2022 Java update)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22464
CVE-2018-17190
An improper access control vulnerability has been discovered in Apache Spark
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22460
CVE-2018-1273
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22459
CVE-2017-7657
A remote attacker can supply specially crafted transfer-encoding chunks to Eclipse Jetty that may bypass the authorization checks of an intermediary caching proxy
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22458
CVE-2015-1315
Buffer overflow in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22457
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
October 14, 2024 |
|
1.1 |
Additional BSAs for security vulnerabilities posted on November 2nd, 2024 for SANnav 2.3.1a and 2.3.0a |
November 12, 2024 |
|
1.2 |
Updated with CVE-2023-51385 posting |
January 7, 2025 |
|
2.0 |
Brocade SANnav 2.3.1b and 2.4.0 security postings |
February 13, 2025 |
|
2.1 |
Updated with CVE-2024-32487, CVE-2024-38428, CVE-2024-29018 postings |
February 27, 2025 |
|
2.2 |
Two BSA updates for SANnav Base OS (OVA deployment) releases |
June 10, 2025 |
|
2.3 |
Update SANnav 2.4.0a security postings |
July 8, 2025 |
|
3.0 |
Brocade SANnav 3.0.0 and 2.4.0b security postings |
January 27, 2026 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.