PT-2024-4305 · Brocade · Brocade SANnav
Published: 2024-04-17 · Updated: 2024-09-18 · CVE-2024-29968
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Brocade SANnav versions prior to 2.3.1
Brocade SANnav version 2.3.0a
Description
An information disclosure issue exists in Brocade SANnav when instances are configured in disaster recovery (DR) mode, allowing authenticated users to access the database structure and its contents. The cause is that the Supportsave generated on the DR standby instance collects SQL table names, column names, and SQL queries.
Recommendations
For Brocade SANnav versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue.
For Brocade SANnav version 2.3.0a, update to version 2.3.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the database structure and its contents until a patch is available.
Fix
Information Disclosure
Insecure Storage of Sensitive Information
Related Identifiers
Affected Products
Brocade SANnav