Summary

Security Advisory ID : BSA-2019-869

Component : SANnav

Revision : 1.0

An information exposure vulnerability, in Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. The vulnerability could allow an authenticated local malicious user with access to the support save file to obtain the exposed password to use it in further attacks. The vulnerability  could  be  exploited  only if the database  service is exposed outside, which requires root level access, to the server where SANnav is installed.

References
CWE-532: Information Exposure through Log Files.
 

 Product Confirmed Non Vulnerable

No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.