Brocade SANnav Vulnerability Disclosures
Brocade Security Advisories
==================================================
Previously disclosed Brocade Security Advisories
CVEs addressed in SANnav v2.3.1a and v2.3.0a
CVE-2024-2860
The Postgres implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24260
CVEs addressed in SANnav v2.3.1 and v2.3.0a
CVE-2024-29969
TLS/SSL weak message authentication code ciphers are added by default for port 18082
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23251
CVE-2024-29968
SQL Table names, column names, and SQL queries are collected in DR standby Supportsave
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23253
CVE-2024-29966
hard-coded credential in the documentation that appear as the root password
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23255
CVE-2024-29961
Ping at regular intervals
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23246
CVE-2024-29959
Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node support save
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23243
CVE-2024-29958
Encryption key in the console
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23242
CVE-2024-29957
The encryption key is stored in the DR log files
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23241
CVE-2023-39417
Extension script @substitutions@ within quoting allow SQL injection
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23259
CVE-2024-29965
A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23250
CVE-2024-29964
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249
CVE-2024-29962
Insecure file permission setting that makes files world-readable
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23248
CVE-2024-29960
Identical SSH keys utilized inside the OVA image
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23244
CVE-2024-29956
cleartext password in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23240
CVE-2024-29955
SANnav encrypted key in PostgreSQL startup logs
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23239
CVE-2024-29952
plaintext passwords storage in logs by manipulating command variables
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23238
CVE-2024-29951
SHA-1 hash in internal SSH ports that are not open to remote connection
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23237
CVE-2024-29950
The class FileTransfer implemented uses the ssh-rsa signature scheme
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23236
CVE-2024-4159
SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23282
CVE-2023-34478
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23256
CVE-2023-39410
Apache Avro Java SDK vulnerable to Improper Input Validation
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23262
CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22043, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049
Azul Zulu Java Multiple Vulnerabilities (July 2023 update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23263
CVE-2023-22041, CVE-2023-25193, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006
Oracle Java SE Multiple Vulnerabilities (July 2023 CPU)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23260
CVE-2023-20863
Spring Expression DoS Vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23257
CVE-2023-20861
Spring Expression DoS Vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23261
CVE-2024-29967
Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23254
CVE-2024-29963
Hardcoded TLS keys used by Docker
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23247
CVEs addressed in SANnav v2.3.1 and v2.3.0
CVE-2024-4161
Syslog traffic sent in clear-text
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23284
CVE-2023-31424
Web authentication and authorization bypass
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22507
CVE-2024-2859
By default, SANnav OVA is shipped with root user login enabled
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23245
CVE-2023-31925
Storage of clear text password in Brocade SANnav
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22506
CVE-2023-31423
Possible information exposure through log file vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22508
CVE-2023-21830, CVE-2023-21835, CVE-2023-21843
Oracle Java SE Multiple Vulnerabilities (Jan 2023 CPU update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22454
CVE-2022-43937
Sensitive fields are recorded in the debug-enabled logs
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22509
CVE-2022-41946
Vulnerable postgresql component found in SANnav RPM package
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22502
CVE-2022-40664
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22449
CVE-2022-25647
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22450
CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399
Azul Zulu Java Multiple Vulnerabilities (Oct 2022 update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22461
CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169
Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22463
CVE-2022-2625
PostgreSQL vulnerability in SANnav 2.2.0.2
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22465
CVE-2016-1000027
Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22456
CVE-2022-33980
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22448
CVE-2022-22950
Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22503
CVE-2022-21449, CVE-2022-21476, CVE-2022-21426
Oracle Java SE Multiple Vulnerabilities (Apr 2022 CPU update)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22462
CVE-2022-21248 CVE-2022-21277 CVE-2022-21366 CVE-2022-21282 CVE-2022-21296 CVE-2022-21283 CVE-2022-21291 CVE-2022-21305 CVE-2022-21293 CVE-2022-21294 CVE-2022-21340 CVE-2022-21299 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365
Azul Zulu Java Multiple Vulnerabilities (Jan 2022 Java update)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22464
CVE-2018-17190
An improper access control vulnerability has been discovered in Apache Spark
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22460
CVE-2018-1273
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22459
CVE-2017-7657
A remote attacker can supply specially crafted transfer-encoding chunks to Eclipse Jetty that may bypass the authorization checks of an intermediary caching proxy
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22458
CVE-2015-1315
Buffer overflow in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22457
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
October 14, 2024 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.