Summary

Security Advisory ID : BSA-2019-864

Component : SANnav portal

Revision : 1.0

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal and is exploitable only is attacker is somehow able to hijack user session.

References
CWE-341: Predictable from Observable State

 Product Confirmed Non Vulnerable

No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.