PT-2026-5695 · Brocade · Brocade Sannav
Published
2026-02-02
·
Updated
2026-03-03
·
CVE-2025-12680
CVSS v4.0
6.0
Medium
| Vector | AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Brocade SANnav versions prior to 2.4.0b
Description
Brocade SANnav before version 2.4.0b improperly handles database passwords, logging them in clear text on the standby SANnav server following a disaster recovery failover. A remote, authenticated attacker with administrative privileges could potentially access these passwords through SANnav logs or supportsave files.
Recommendations
Update to Brocade SANnav version 2.4.0b or later.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Brocade Sannav