CVE-2022-33187 : Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. (BSA-2022-2122)
21222
20 March 2023
08 November 2022
CLOSED
MEDIUM
5.5 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
No
CVE-2022-33187
Summary
Security Advisory ID: BSA-2022-2122
Component: DebugLogs
Revision: 1.0
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.
Products Affected
Brocade SANnav versions before v2.2.1
Products Confirmed Not Affected
- No other Brocade Fibre Channel products are affected.
Credit.
This issue was found internally.
Revision History
|
Version |
Change |
Date |
|---|---|---|
|
1.0 |
Initial Publication |
Nov 8, 2022 |