CVE-2024-29964 MEDIUM

CVE-2024-29964: Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files

Vendor Brocade
Product Brocade SANnav
Weakness CWE-732
Published April 19, 2024
Last update September 18, 2024

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

Key dates

02Disclosure timeline

April 19, 2024 CVE published
September 18, 2024 Record updated