Support Content Notification - Support Portal

BSA-2022-1978

Product/Component

Brocade SANnav

1 more products

Notification Id

21284

Last Updated

22 June 2022

Initial Publication Date

22 June 2022

Status

Closed

Severity

High

CVSS Base Score

Base Score: 8.5 HIGH - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

WorkAround

N/A

Affected CVE

CVE-2022-28167

Summary

Security Advisory ID : BSA-2022-1978

Component : Password

Revision : 1.0

Brocade SANnav before Brocade SANvav v.2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log

Affected Products

Brocade SANnav versions before v2.2.0.2 and v2.1.1.8

Products Confirmed Not Vulnerable

Brocade Fabric OS
Brocade ASCG

No other Brocade Fibre Channel Products from Broadcom are affected by this vulnerability.

Solution

A security update has been provided in Brocade SANnav v2.2.0.2, Brocade SANnav v2.1.1.8, and upper Brocade SANnav releases.

Credit

The issue was discovered during internal testing

Revision History

Version	Change	Date
1.0	Initial Publication	June 22, 2022