What is CVE-2022-28167?

A medium severity vulnerability has been identified in Broadcom SANnav. The issue involves logging sensitive information, specifically the Fabric OS switch password, in plain text. Organizations should address this vulnerability to protect against potential unauthorized access.

What is the severity of CVE-2022-28167?

CVE-2022-28167 has a severity rating of MEDIUM with a CVSS base score of 6.5.

CVE-2022-28167 | Medium Vulnerability in Broadcom SANnav

Brocade SANnav prior to versions 2.2.0.2 and 2.1.1.8 exposes a vulnerability where the Fabric OS switch password is logged in plain text within the asyncjobscheduler-manager.log file. This vulnerability allows sensitive information to be compromised, presenting a real-world risk of unauthorized access to the affected systems.

With a CVSS score of 6.5, this vulnerability is classified as medium severity. The implications for organizations include high confidentiality impact, which could lead to unauthorized access to critical systems. Given the nature of the exposed information, organizations should prioritize patching this vulnerability immediately.

As of now, no public exploit has been confirmed for this vulnerability. However, the ease of exploitation and the potential for serious consequences necessitate an urgent response from security teams.

Organizations using Broadcom SANnav should assess their deployments and ensure they are updated to the latest versions to mitigate this risk.

Vulnerability Details

The vulnerability in question allows the Fabric OS switch password to be logged in plaintext in the asyncjobscheduler-manager.log file. This was reported for versions prior to Brocade SANvav v. 2.2.0.2 and Brocade SANanv v. 2.1.1.8. Its CVSS score is 6.5, indicating a medium severity level due to its network attack vector and low complexity.

The affected systems include various versions of the Broadcom SANnav software, which is crucial for managing Fibre Channel networks.

Technical Analysis

The root cause of this vulnerability lies in the logging configuration of the SANnav software, which improperly handles sensitive information. Attackers may leverage this weakness over a network, given the low attack complexity and the low privileges required for exploitation. User interaction is not necessary, thereby increasing the likelihood of successful attacks.

The confidentiality impact is rated high since the password exposure could allow unauthorized access to network resources, while integrity and availability impacts are rated as none.

Risk & Impact Analysis

Organizations using Broadcom SANnav face significant risks due to this vulnerability. The exposure of sensitive credentials in logs can lead to unauthorized access, potentially compromising critical infrastructure. The blast radius is considerable, as attackers could exploit this vulnerability to gain further access within the network.

Given the medium severity of this vulnerability, organizations should address it in their priority patch cycle. The potential for exploitation is compounded by the fact that no public exploit has been confirmed, but the risk remains substantial.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerable versions include all versions of Brocade SANnav prior to 2.2.0.2 and Brocade SANanv prior to 2.1.1.8.

Mitigation & Remediation

Organizations should update their Brocade SANnav software to at least version 2.2.0.2 or Brocade SANanv to version 2.1.1.8 to remediate this vulnerability.

In addition, organizations should consider implementing additional security measures such as log monitoring and ensuring that sensitive data is not logged in plain text.

For more information on how to secure your environment, organizations can refer to resources on penetration testing and effective remediation strategies.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for any unauthorized access to the asyncjobscheduler-manager.log file. Additionally, reviewing user access patterns and implementing alerts for suspicious activity can help mitigate risks.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability highlights the importance of secure logging practices within applications. Organizations should be proactive in reviewing their logging configurations to prevent the exposure of sensitive information.

This vulnerability exemplifies a common oversight in application security where sensitive data is not adequately protected. Security teams should learn from this incident and adopt stricter controls to safeguard against similar vulnerabilities.

For further insights and guidance on securing your applications, refer to the following resources: vulnerability management program, penetration testing methodology, and continuous security testing best practices.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-28167: Medium Vulnerability in Broadcom SANnav