Lucene search

BrocadeVULNRICHMENT:CVE-2024-2860

HistoryMay 08, 2024 - 1:01 a.m.

CVE-2024-2860

2024-05-0801:01:54

CWE-306

brocade

github.com

brocade sannav

postgresql

implementation vulnerability

incorrect local authentication flaw

sensitive data

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Brocade SAnnav",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "before SANnav v2.3.0a"
      }
    ]
  }
]

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24260

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for VULNRICHMENT:CVE-2024-2860