Server-Side Request Forgery in Brocade SANnav Vulnerability
CVE-2020-15377

9.8CRITICAL

Key Information:

Vendor: Broadcom
Status: Brocade Sannav
Vendor: CVE Published:; 9 June 2021

What is CVE-2020-15377?

The Webtools component in Brocade SANnav, prior to version 2.1.1, is susceptible to a configuration flaw that permits unauthenticated users to initiate requests to arbitrary hosts. This type of vulnerability, known as Server-Side Request Forgery (SSRF), can lead to potential information exposure and other security risks, as malicious actors can exploit this to interact with unintended servers.

Affected Version(s)

Brocade SANnav Brocade SANnav before version 2.1.1

References

https://www.broadcom.com/support/fibre-channel-networking...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
Jun 29, 2020

Broadcom

What is CVE-2020-15377?

Affected Version(s)

References

CVSS V3.1

Timeline