Security Advisory ID : BSA-2021-1319
Component : Brocade SANnav
Revision : 1.0: Final
**
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.
**Note:**When custom fields are added through the Inventory Custom Field Management pages, user-supplied values are not properly escaped, resulting in data corruption. After the data is corrupted, additional requests cause the data to inflate, resulting in a resource exhaustion condition that causes SANnav to become unavailable until the data is cleared.
Affected Products
Brocade SANnav before v.2.1.0a.