BSA-2020-1074

Brocade Fabric OS

2 more products

21573

28 December 2020

08 September 2020

Closed

High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N - 6.8 Medium

N/A

CVE-2019-16212

Summary

Security Advisory ID : BSA-2020-1074

Component : LDAP injection

Revision : 1.0

A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability allows a remote attacker to bypass the authentication process.

Affected Products

Brocade SANnav versions before v2.1.0.

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

Solution

A security update is provided in Brocade SANnav 2.1.0.

Recommended Action

Brocade strongly recommends that all customers running the impacted version(s) upgrade to one of the identified patch levels or a higher version of Brocade SANnav to obtain this update.

Credit

This issue was discovered through security testing. 

Revision History

Version Change Date
1.0 Initial Publication September 08, 2020
2.0 CVSS Score changed December 28, 2020