CVE-2022-28165
First published: Fri May 06 2022(Updated: )
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests.
Credit: sirt@brocade.com sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom Sannav | <2.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-28165?
CVE-2022-28165 is a vulnerability in the role-based access control (RBAC) functionality of Brocade SANNav before version 2.2.0.
How does CVE-2022-28165 impact users?
CVE-2022-28165 allows an authenticated remote attacker to access resources and perform actions that they should not be able to.
What is the severity of CVE-2022-28165?
CVE-2022-28165 has a severity rating of 8.8 (high).
How can I fix CVE-2022-28165?
To fix CVE-2022-28165, update to Brocade SANNav version 2.2.0 or later.
Where can I find more information about CVE-2022-28165?
More information about CVE-2022-28165 can be found at the following link: [https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844](https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844)
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- collector/nvd-api
- collector/nvd-index
- vendor/broadcom
- canonical/broadcom sannav