CVE-2025-6392— Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)

Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)

Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

N/A

通过日志文件的信息暴露

Broadcom Brocade SANnav 日志信息泄露漏洞

Broadcom Brocade SANnav是美国博通（Broadcom）公司的一款存储区域网络管理和自动化软件平台。 Broadcom Brocade SANnav 2.4.0a之前版本存在安全漏洞，该漏洞源于每日数据转储收集器调用docker exec命令时，可能以明文记录数据库密码到审计日志中。

N/A

N/A