Brocade

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-7398 2Broadcom Brocade 2Ascg Brocade Active Support Connectivity Gateway Apr 6, 2026 Jul 17, 2025 8.6 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.
CVE-2025-7397 1Brocade 1Ascg Feb 2, 2026 Jul 17, 2025 6.8 MEDIUM· v4 7.1 HIGH· v3 N/A· v2 A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user that can access sensi...Show more A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user that can access sensitive information like passwords within the CLI history leading to unauthorized access and potential data breaches.Show less
CVE-2025-6391 2Broadcom Brocade 2Ascg Brocade Active Support Connectivity Gateway Apr 6, 2026 Jul 17, 2025 7.1 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacki...Show more Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.Show less
CVE-2025-4663 2Broadcom Brocade 2Fabric Operating System Fabric Operating System Feb 20, 2026 Jul 8, 2025 6.8 MEDIUM· v4 4.9 MEDIUM· v3 N/A· v2 An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is...Show more An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2Show less
CVE-2024-1509 2Broadcom Brocade 2Active Support Connectivity Gateway Brocade Active Support Connectivity Gateway Apr 6, 2026 Feb 28, 2025 7.6 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. T...Show more Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.Show less
CVE-2024-7517 2Broadcom Brocade 2Fabric Operating System Fabric Operating System Feb 20, 2026 Nov 21, 2024 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of th...Show more A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.Show less
CVE-2023-4162 2Broadcom Brocade 2Fabric Operating System Fabric Operating System Feb 20, 2026 Aug 31, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to cra...Show more A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“.Show less
CVE-2022-33186 1Brocade 1Fabric Operating System Apr 23, 2025 Dec 8, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying z...Show more A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.Show less
CVE-2022-27776 6Brocade DebianFedoraproject+3 more 13Clustered Data Ontap CurlDebian Linux+10 more Nov 21, 2024 Jun 2, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVE-2022-27775 5Brocade DebianHaxx+2 more 12Clustered Data Ontap CurlDebian Linux+9 more May 27, 2026 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
CVE-2022-27774 5Brocade DebianHaxx+2 more 12Clustered Data Ontap CurlDebian Linux+9 more May 27, 2026 Jun 2, 2022 N/A· v4 5.7 MEDIUM· v3 3.5 LOW· v2 An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authenticat...Show more An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.Show less
CVE-2022-22576 5Brocade DebianHaxx+2 more 12Bootstrap Os Clustered Data OntapCurl+9 more May 27, 2026 May 26, 2022 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the...Show more An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).Show less
CVE-2022-28161 1Brocade 1Sannav Nov 21, 2024 May 9, 2022 N/A· v4 5.5 MEDIUM· v3 1.9 LOW· v2 An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfe...Show more An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.Show less
CVE-2021-22555 3Brocade LinuxNetapp 21Aff 500f Firmware Aff A250 FirmwareAff A400 Firmware+18 more Oct 27, 2025 Jul 7, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
CVE-2020-13632 8Brocade CanonicalDebian+5 more 12Cloud Backup Communications Network Charging And ControlDebian Linux+9 more Nov 21, 2024 May 27, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
CVE-2020-13631 8Apple BrocadeCanonical+5 more 18Cloud Backup Communications Network Charging And ControlFabric Operating System+15 more Nov 21, 2024 May 27, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13630 9Apple BrocadeCanonical+6 more 19Cloud Backup Communications Network Charging And ControlDebian Linux+16 more Nov 21, 2024 May 27, 2020 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVE-2018-6445 2Brocade Netapp 2Brocade Network Advisor Network Advisor Nov 21, 2024 Jan 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The a...Show more A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords.Show less
CVE-2018-6444 2Brocade Netapp 2Brocade Network Advisor Network Advisor Nov 21, 2024 Jan 22, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands.
CVE-2018-6443 2Brocade Netapp 2Brocade Network Advisor Network Advisor Nov 21, 2024 Jan 22, 2019 N/A· v4 8.1 HIGH· v3 4.3 MEDIUM· v2 A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentia...Show more A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.Show less

12 Next