CVE-2024-2860

HIGH

Brocade SANnav < 2.3.0a - Unauthenticated PostgreSQL Database Access

Title source: llm

Description

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.

References (1)

Core 1

Core References

Vendor Advisory

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24260

Scores

CVSS v3 7.8

EPSS 0.0008

EPSS Percentile 23.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (2)

broadcom/brocade_sannav 2.3.1

broadcom/brocade_sannav < 2.3.0a

Published May 08, 2024

Tracked Since Feb 18, 2026