Description
A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95691
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-052
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us
Various Sources x_refsource_confirm
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-180
Scores
CVSS v3
7.5
EPSS
0.1538
EPSS Percentile
96.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
brocade/network_advisor
< 14.0.2
n/a/Brocade Network Advisor versions released prior to and including 14.0.2
Brocade Network Advisor versions released prior to and including 14.0.2
Published
Jan 14, 2017
Tracked Since
Feb 18, 2026