PT-2025-29167 · Brocade · Brocade Sannav
Published
2025-07-08
·
Updated
2025-08-27
·
CVE-2025-6392
CVSS v4.0
6.7
Medium
| Vector | AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
Brocade SANnav versions prior to 2.4.0a
Description:
Brocade SANnav versions prior to 2.4.0a could log database passwords in clear text within audit logs when the daily data dump collector executes
docker exec commands. These audit logs are local to the server VM and are not managed by SANnav. Access to these logs is restricted to the host server administrator and is not accessible to SANnav administrators or users.Recommendations:
Update Brocade SANnav to version 2.4.0a or later.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brocade Sannav