CVE-2019-16205
HIGHBrocade SANnav < 2.0 - Session ID Brute-Force via Insufficiently Random Values
Title source: llmDescription
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-864
Scores
CVSS v3
8.8
EPSS
0.0129
EPSS Percentile
66.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-330
Status
published
Products (1)
broadcom/brocade_sannav
< 2.0
Published
Nov 08, 2019
Tracked Since
Feb 18, 2026