CVE-2024-2860
First published: Wed May 08 2024(Updated: )
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.
Credit: sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom SANnav OVA | <2.3.0a | |
| Broadcom SANnav OVA | <2.3.0a | |
| Broadcom SANnav OVA | =2.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-2860?
CVE-2024-2860 is classified as a medium severity vulnerability due to its potential to expose sensitive data in PostgreSQL.
How do I fix CVE-2024-2860?
To mitigate CVE-2024-2860, upgrade Brocade SANnav to version 2.3.0a or later to eliminate the authentication flaw.
Who is affected by CVE-2024-2860?
CVE-2024-2860 affects Brocade SANnav versions prior to 2.3.0a installed on virtual machines.
What type of vulnerability is CVE-2024-2860?
CVE-2024-2860 is a local authentication flaw that can allow unauthorized access to sensitive data.
Can I still use Brocade SANnav if I have CVE-2024-2860?
It's not recommended to use Brocade SANnav versions before 2.3.0a due to the security risk associated with CVE-2024-2860.
- agent/weakness
- agent/first-publish-date
- agent/references
- agent/description
- agent/type
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/brocade
- canonical/broadcom sannav ova
- vendor/broadcom
- version/broadcom sannav ova/2.3.1