CVE-2024-29968

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-922
View all →

Vulnerability Description

An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.

Related Vulnerabilities

CVE-2018-13313

MEDIUM
CVSS:6.5(Medium)

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user kno...

CWE-9222018

CVE-2019-5632

MEDIUM
CVSS:6.5(Medium)

An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain informatio...

CWE-9222019

CVE-2019-5633

MEDIUM
CVSS:6.5(Medium)

An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information th...

CWE-9222019

CVE-2020-28911

MEDIUM
CVSS:6.5(Medium)

Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.

CWE-9222020

CVE-2021-25406

MEDIUM
CVSS:6.5(Medium)

Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.

CWE-9222021

CVE-2021-28653

MEDIUM
CVSS:6.5(Medium)

The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave suppor...

CWE-9222021