Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-28165

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests.

Published

2022-05-06T17:15:09.010

Last Modified

2024-11-21T06:56:52.843

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	broadcom	sannav	< 2.2.0	Yes

References

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844 Vendor Advisory ([email protected])
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)