Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-29968

An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.

Published

2024-04-19T06:15:06.497

Last Modified

2025-02-04T15:41:56.900

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses

Type: Secondary
CWE-922
Type: Primary
CWE-922

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	broadcom	brocade_sannav	< 2.3.0a	Yes

References

https://support.broadcom.com/external/content/SecurityAdvisories/0/23253 Vendor Advisory ([email protected])
https://support.broadcom.com/external/content/SecurityAdvisories/0/23253 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)