cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal

Brocade Product Inconsistency #35

Closed patrickmgarrity closed 1 month ago

patrickmgarrity commented 1 month ago

I noticed different CPE products being used when the product / version provided in the CVElist is the same. Brocade SANnav is expressed two different ways, both of which are in the CPE dictionary. I would recommend being consistent.

`cpe:2.3:a:brocade:brocade_sannav:*:*:*:*:*:*:*:*`
`cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*`

CVE-2024-2860 CVE-2024-4173 CVE-2024-29952 CVE-2024-29964 CVE-2024-29965 CVE-2024-29962 CVE-2024-29961 CVE-2024-29958 CVE-2024-29957 CVE-2024-29966 CVE-2024-29967 CVE-2024-4159 CVE-2024-29969 CVE-2024-29955 CVE-2024-29963 CVE-2024-29959 CVE-2024-29960
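As an added example (not part of this issue or of the vulnrichment repository's own code): a small Python lint that parses CPE 2.3 formatted strings and flags any product that appears under more than one vendor:product pair across a set of CVE records, which is the kind of inconsistency reported above. The sample records, the placeholder `EXAMPLE-0001` entry and the `canonical_product` heuristic are constructed for illustration; the assignment of CPEs to the CVE IDs below is invented, and in a real run the strings would be read from the `cpes` arrays of the CVE JSON 5 `affected` entries (assumed layout).

```python
"""Lint CVE records for one product expressed as several CPE vendor:product pairs.

Constructed example; not the vulnrichment project's code.
"""
import re
from collections import defaultdict

# The eleven components that follow the 'cpe:2.3' prefix in a formatted string.
CPE23_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
                "language", "sw_edition", "target_sw", "target_hw", "other")


def parse_cpe23(cpe: str) -> dict:
    """Parse a CPE 2.3 formatted string into its named components.

    Splits only on unescaped colons, so a value such as '1.0\\:beta' survives
    intact. Raises ValueError for anything that is not a 13-field 'cpe:2.3:' string.
    """
    fields = re.split(r"(?<!\\):", cpe)
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE23_FIELDS, fields[2:]))


def canonical_product(vendor: str, product: str, known_vendors: set) -> str:
    """Heuristic grouping key (an assumption, not an NVD rule).

    Drops a leading '<vendor>_' from the product name when that vendor occurs
    anywhere in the data set, so brocade:brocade_sannav, broadcom:brocade_sannav
    and broadcom:sannav all map to 'sannav'. Longest vendor name wins.
    """
    for v in sorted(known_vendors, key=len, reverse=True):
        prefix = v + "_"
        if product.startswith(prefix) and len(product) > len(prefix):
            return product[len(prefix):]
    return product


def find_inconsistencies(records: dict) -> dict:
    """records: {cve_id: [cpe string, ...]}.

    Returns {canonical product: {(vendor, product): {cve ids}}} restricted to
    products that appear under more than one vendor:product pair.
    """
    parsed = {cve: [parse_cpe23(c) for c in cpes] for cve, cpes in records.items()}
    vendors = {p["vendor"] for ps in parsed.values() for p in ps}
    by_product = defaultdict(lambda: defaultdict(set))
    for cve, ps in parsed.items():
        for p in ps:
            key = canonical_product(p["vendor"], p["product"], vendors)
            by_product[key][(p["vendor"], p["product"])].add(cve)
    return {k: dict(v) for k, v in by_product.items() if len(v) > 1}


# Constructed sample. The CPE-to-CVE pairing here is invented for the demo and
# EXAMPLE-0001 is a placeholder, not a real record.
SAMPLE_RECORDS = {
    "CVE-2024-2860": ["cpe:2.3:a:brocade:brocade_sannav:*:*:*:*:*:*:*:*"],
    "CVE-2024-4173": ["cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*"],
    "CVE-2024-29952": ["cpe:2.3:a:broadcom:sannav:*:*:*:*:*:*:*:*"],
    "CVE-2024-29964": ["cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*"],
    # Escaped colon in the version field exercises the parser's split rule.
    "EXAMPLE-0001": ["cpe:2.3:a:examplevendor:widget:1.0\\:beta:*:*:*:*:*:*:*"],
}


if __name__ == "__main__":
    for key, variants in find_inconsistencies(SAMPLE_RECORDS).items():
        print(f"{key}: {len(variants)} distinct vendor:product pairs")
        for (vendor, product), cves in sorted(variants.items()):
            print(f"  {vendor}:{product} <- {', '.join(sorted(cves))}")
```

On the sample data the lint reports a single canonical product, `sannav`, backed by four distinct vendor:product pairs, while `examplevendor:widget` is left alone. The vendor-prefix heuristic is deliberately narrow: it will not merge two unrelated products that share a name, but it also will not catch a rename that drops no vendor token, so review its output rather than rewriting CPEs from it automatically.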

jwoytek-cisa commented 1 month ago

I'm going to loop in @amanion-cisa on this one. There are some inconsistencies in the NVD dictionary data that appear to be the result of Broadcom's acquisition of Brocade, as there is broadcom:sannav, broadcom:brocade_sannav, and there is existing NVD data with brocade_sannav. It appears as though our analysts also created a few related entries.

It will take a bit to make these consistent. Looking at the NVD dictionary data, it looks like broadcom:sannav is intended to be the way forward, as it has more recent version updates than broadcom:brocade_sannav.

I'm passing this up to our analysts to examine, and will coordinate with Art on which one(s) should be in use for these.

jwoytek-cisa commented 1 month ago

These have been made consistent. However, due to the various ways these products are represented in the NVD CPE dictionary, this could become an issue again in the future. Our systems are doing a more reasonable job of trying to encourage analysts to use consistent CPEs, which should help to avoid issues here.

The last updates should post within the next 60 minutes.