Insertion of Sensitive Information into Brocade SANnav Log File

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

通过日志文件的信息暴露

Broadcom Brocade SANnav 安全漏洞

Broadcom Brocade SANnav是美国博通（Broadcom）公司的一套SAN管理平台。 Broadcom Brocade SANnav v2.3.1、v2.3.0a 之前版本存在安全漏洞，该漏洞源于允许特权用户在 PostgreSQL 启动日志中打印 SANnav 加密密钥。

N/A

N/A