Summary

Security Advisory ID : BSA-2019-868

Component : SANnav

Revision : 1.0

A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL)connections.
The vulnerability is due to improper Certificate Validation for SSL connections by The ReportsTrustManager class, which explicitly disables certificate validation.

References
CWE-295: Improper Certificate Validation

 Product Confirmed Non Vulnerable

No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.