Aggregates CVE and security vulnerability intelligence across all Broadcom-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling, vendor risk sql injection, and vendor risk open redirect and related problems; some flaws may lead to vendor impact file overwrite and vendor impact data exposure.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-4282 | Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. | [email protected] | 8.2 | 0.27% | 2025-02-14 | 2026-06-17 |
| CVE-2024-10405 | Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network. | [email protected] | 6.9 | 0.18% | 2025-02-14 | 2026-06-17 |
| CVE-2024-2240 | Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks. | [email protected] | 8.6 | 0.47% | 2025-02-14 | 2026-06-17 |
| CVE-2025-1053 | Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav. | [email protected] | 8.6 | 0.14% | 2025-02-13 | 2026-06-17 |
| CVE-2024-10404 | CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exi | [email protected] | 5.5 | 0.10% | 2025-02-13 | 2026-06-17 |
| CVE-2024-7517 | A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to c | [email protected] | 8.5 | 0.61% | 2024-11-21 | 2026-06-17 |
| CVE-2024-10403 | Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. | [email protected] | 5.9 | 0.63% | 2024-11-21 | 2026-06-17 |
| CVE-2022-43937 | Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a | [email protected] | 5.7 | 0.46% | 2024-11-21 | 2026-06-17 |
| CVE-2022-43936 | Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. | [email protected] | 6.8 | 0.77% | 2024-11-21 | 2026-06-17 |
| CVE-2022-43935 | An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. | [email protected] | 5.3 | 0.22% | 2024-11-21 | 2026-06-17 |
| CVE-2022-43934 | Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. | [email protected] | 6.5 | 0.47% | 2024-11-21 | 2026-06-17 |
| CVE-2022-43933 | An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys. | [email protected] | 4.4 | 0.26% | 2024-11-21 | 2026-06-17 |
| CVE-2024-7516 | A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin. | [email protected] | 7.0 | 0.20% | 2024-11-12 | 2026-06-17 |
| CVE-2024-38493 | A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | [email protected] | 6.8 | 0.29% | 2024-07-15 | 2026-06-17 |
| CVE-2024-3596 | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | [email protected] | 9.0 | 14.86% | 2024-07-09 | 2026-06-17 |
| CVE-2024-5460 | A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device. | [email protected] | 8.1 | 0.49% | 2024-06-25 | 2026-06-17 |
| CVE-2024-29954 | A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. | [email protected] | 5.9 | 0.05% | 2024-06-25 | 2026-06-17 |
| CVE-2024-29953 | A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords. | [email protected] | 4.3 | 0.30% | 2024-06-25 | 2026-06-17 |
| CVE-2024-2860 | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. | [email protected] | 7.8 | 0.16% | 2024-05-07 | 2026-06-17 |
| CVE-2024-2859 | By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. | [email protected] | 6.8 | 0.85% | 2024-04-26 | 2026-06-17 |