BSA-2022-1978

Brocade Fabric OS

2 more products

21284

22 June 2022

22 June 2022

Closed

High

Base Score: 8.5 HIGH - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

N/A

CVE-2022-28167

Summary

Security Advisory ID : BSA-2022-1978

Component : Password

Revision : 1.0

Brocade SANnav before Brocade SANvav v.2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log

Affected Products

  • Brocade SANnav versions before v2.2.0.2 and v2.1.1.8

Products Confirmed Not Vulnerable

  • Brocade Fabric OS
  • Brocade ASCG

No other Brocade Fibre Channel Products from Broadcom are affected by this vulnerability.

Solution

A security update has been provided in Brocade SANnav v2.2.0.2, Brocade SANnav v2.1.1.8, and upper Brocade SANnav releases.

Credit

The issue was discovered during internal testing

Revision History

VersionChangeDate
1.0Initial PublicationJune 22, 2022