CVE-2024-29955

Name of the Vulnerable Software and Affected Versions Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a

Description A vulnerability in Brocade SANnav is related to insufficient protection of registration data in the PostgreSQL component. This could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs, providing attackers with an additional path to acquiring the encryption key.

Recommendations For Brocade SANnav versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. For Brocade SANnav version 2.3.0a, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the PostgreSQL startup logs to minimize the risk of exploitation.