BSA-2019-868

Brocade Fabric OS

2 more products

21618

28 October 2019

28 October 2019

Closed

High

7.5

N/A

CVE-2019-16209

Summary

Security Advisory ID : BSA-2019-868

Component : SANnav

Revision : 1.0

A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL)connections.
The vulnerability is due to improper Certificate Validation for SSL connections by The ReportsTrustManager class, which explicitly disables certificate validation.

References
CWE-295: Improper Certificate Validation

 Product Confirmed Non Vulnerable

No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.

Version Change Date
1.0 Initial Publication October 28, 2019