CVE-2024-2860

{"id": "CVE-2024-2860", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-05-08T02:15:09.873", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24260", "source": "sirt@brocade.com"}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24260", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.\n "}, {"lang": "es", "value": "La implementaci\u00f3n de PostgreSQL en las versiones de Brocade SANnav anteriores a la 2.3.0a es vulnerable a una falla de autenticaci\u00f3n local incorrecta. Un atacante que acceda a la m\u00e1quina virtual donde est\u00e1 instalado Brocade SANnav puede obtener acceso a datos confidenciales dentro de la base de datos PostgreSQL."}], "lastModified": "2024-11-21T09:10:42.120", "sourceIdentifier": "sirt@brocade.com"}