Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary.
https://pierrekim.github.io/blog/2024-04-24-brocade-sannav-18-vulnerabilities.html
https://support.broadcom.com/external/content/SecurityAdvisories/0/23248