Brocade SANnav Information Disclosure Vulnerability
CVE-2024-29968

6.5MEDIUM

Key Information:

Vendor: Brocade
Status: Brocade Sannav
Vendor: CVE Published:; 19 April 2024

What is CVE-2024-29968?

An information disclosure vulnerability exists within the Brocade SANnav software when configured in disaster recovery mode prior to version 2.3.1 and version 2.3.0a. This vulnerability allows authenticated users to access SQL table names, column names, and queries gathered within the DR standby Supportsave. Such access to the database structure and its contents raises significant concerns regarding data security and the potential for unauthorized information exposure.

Affected Version(s)

Brocade SANnav before v2.3.1 and v2.3.0a

References

https://support.broadcom.com/external/content/SecurityAdv...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2024
Vulnerability Reserved
Mar 22, 2024