A
n information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.
References
| Link | Resource |
|---|---|
| https://support.broadcom.com/external/content/SecurityAdvisories/0/23253 | Vendor Advisory |
| https://support.broadcom.com/external/content/SecurityAdvisories/0/23253 | Vendor Advisory |
Configurations
History
04 Feb 2025, 15:41
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Broadcom
Broadcom brocade Sannav |
|
| CPE | cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:* | |
| References | () https://support.broadcom.com/external/content/SecurityAdvisories/0/23253 - Vendor Advisory |
21 Nov 2024, 09:08
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://support.broadcom.com/external/content/SecurityAdvisories/0/23253 - |
18 Sep 2024, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents. | |
| CWE | CWE-922 |
Information
Published : 2024-04-19 06:15
Updated : 2025-02-04 15:41
NVD link : CVE-2024-29968
Mitre link : CVE-2024-29968
CVE.ORG link : CVE-2024-29968
JSON object : View
Products Affected
CWE
CWE-922
Insecure Storage of Sensitive Information