Oracle Critical Patch Update Advisory - January 2024 (CVE-2024-20952, CVE-2024-20945, CVE-2024-20926, CVE-2024-20921, CVE-2024-20919, CVE-2024-20918)

Brocade SANnav

0 more products

25160

11 November 2024

02 November 2024

CLOSED

LOW

CVE-2024-20952, CVE-2024-20945, CVE-2024-20926, CVE-2024-20921, CVE-2024-20919, CVE-2024-20918

Brocade Security Advisory ID

BSA-2024-2487

Component

Oracle Java

 

 

Summary

Brocade SANnav has provided a Security update for the JAVA vulnerabilities below.

  • CVE-2024-20952
  • CVE-2024-20945
  • CVE-2024-20926
  • CVE-2024-20921
  • CVE-2024-20919
  • CVE-2024-20918

Products Affected

Brocade SANnav contains the vulnerable code, however these CVEs are non-exploitable within the product [VEX Justification: vulnerable_code_not_in_execute_path]

Products Under Investigation

  • Brocade Fabric OS [Component_not_present]
  • Brocade ASCG [Component_not_present]

Solution

While Brocade SANnav is Not Affected, a security update is provided in Brocade SANnav 2.3.1a and 2.3.0a

Revision History

Version

Change

Date

1.0

Initial Publication

November 2, 2024

1,1

PSIRT assessed risk changed to Low. SANnav contains the vulnerable code, but is not exploitable.

November 11, 2024

 

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.