Brocade SANnav Database Password Logging Vulnerability in Audit Logs

Vulnerability

A vulnerability exists in Brocade SANnav versions prior to 2.4.0a, where the application could log database passwords in clear text within audit logs. This issue arises when the daily data dump collector executes docker commands, potentially exposing sensitive information. These audit logs are part of the local server VM's logging system, not managed by SANnav, and are only accessible to the server administrator of the host. SANnav administrators and users do not have visibility into these logs.

Impact

Database passwords are exposed in clear text within local audit logs, which are accessible only to the host server administrator.

Remediation

Users can upgrade to Brocade SANnav 2.4.0a to address this vulnerability.
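To check whether audit logs already on the host contain such entries, the following added example (not code from Brocade or from this advisory) scans log text for docker commands that carry a password and reports where each one sits without echoing the secret. It assumes the host records commands as Linux auditd EXECVE records and that the password appears in one of the common command-line shapes matched below; the function names and sample records are constructed for illustration.

```python
import re

# Assumed auditd EXECVE layout: a0="docker" a1=...; args with spaces are bare hex.
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|((?:[0-9A-Fa-f]{2})+)(?=\s|$))')
EVENT_RE = re.compile(r'msg=audit\(([^)]*)\)')
# Assumed shapes of a password on a command line (not taken from SANnav).
ASSIGN_RE = re.compile(r'(?:^|\s)[\w-]*(?:pass|pwd)[\w-]*=(\S+)', re.I)
FLAG_RE = re.compile(r'^--?(?:password|passwd|pwd)$', re.I)
URI_RE = re.compile(r'://[^/\s:@]+:([^@\s]+)@')

def decode_args(line):
    """Return the argv recorded in one EXECVE record, hex arguments decoded."""
    args = {}
    for idx, quoted, hexed in ARG_RE.findall(line):
        text = bytes.fromhex(hexed).decode("utf-8", "replace") if hexed else quoted
        args[int(idx)] = text
    return [args[i] for i in sorted(args)]

def find_exposures(log_text):
    """Return (audit_event, arg_index, redacted_arg) per password in a docker command."""
    findings = []
    for line in log_text.splitlines():
        if "type=EXECVE" not in line:
            continue
        argv = decode_args(line)
        if not argv or argv[0].rsplit("/", 1)[-1] != "docker":
            continue
        event = EVENT_RE.search(line)
        event_id = event.group(1) if event else "unknown"
        for i, arg in enumerate(argv):
            if FLAG_RE.match(arg) and i + 1 < len(argv):
                findings.append((event_id, i + 1, "<redacted>"))
                continue
            m = ASSIGN_RE.search(arg) or URI_RE.search(arg)
            if m:  # report the position, never the secret itself
                findings.append((event_id, i, arg.replace(m.group(1), "<redacted>")))
    return findings

# Constructed sample records (not real SANnav output).
HEX_ARG = b"PGPASSWORD=Constructed-Pw-2 pg_dump exampledb".hex().upper()
SAMPLE = "\n".join([
    'type=EXECVE msg=audit(1752186060.101:4242): argc=5 a0="docker" a1="exec" '
    'a2="-e" a3="PGPASSWORD=Constructed-Pw-1" a4="example-db"',
    'type=EXECVE msg=audit(1752186061.202:4243): argc=6 a0="/usr/bin/docker" '
    'a1="exec" a2="example-db" a3="sh" a4="-c" a5=' + HEX_ARG,
    'type=EXECVE msg=audit(1752186062.303:4244): argc=2 a0="docker" a1="ps"',
])

if __name__ == "__main__":
    print(find_exposures(SAMPLE))
```

Each finding gives the audit event identifier and argument index, so the matching record can be located in the original log.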

Added: Jul 10, 2025, 10:21 PM
Updated: Jul 10, 2025, 10:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.8
exploitability: 3.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.