Snapcenter
by NetApp
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10365 | Low | 0.25 | 3.8 | 0.02 | Oct 19, 2017 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise… | ||
| CVE-2025-26512 | 0.00 | — | 0.01 | Mar 24, 2025 | SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | |||
| CVE-2024-21993 | 0.00 | — | 0.00 | Jul 9, 2024 | SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials. | |||
| CVE-2024-21987 | 0.00 | — | 0.00 | Feb 16, 2024 | SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings | |||
| CVE-2023-27316 | 0.00 | — | 0.00 | Oct 12, 2023 | SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | |||
| CVE-2023-27313 | 0.00 | — | 0.00 | Oct 12, 2023 | SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. | |||
| CVE-2023-1096 | 0.00 | — | 0.01 | May 12, 2023 | SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. | |||
| CVE-2022-38732 | 0.00 | — | 0.01 | Sep 29, 2022 | SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented. | |||
| CVE-2022-23234 | 0.00 | — | 0.00 | Mar 16, 2022 | SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials. | |||
| CVE-2018-5482 | 0.00 | — | 0.01 | Mar 4, 2019 | NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel. | |||
| CVE-2017-15515 | 0.00 | — | 0.01 | Mar 4, 2019 | NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. | |||
| CVE-2007-2379 | 0.00 | — | 0.03 | Apr 30, 2007 | The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the… |
- risk 0.25cvss 3.8epss 0.02
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise…
- CVE-2025-26512Mar 24, 2025risk 0.00cvss —epss 0.01
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
- CVE-2024-21993Jul 9, 2024risk 0.00cvss —epss 0.00
SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials.
- CVE-2024-21987Feb 16, 2024risk 0.00cvss —epss 0.00
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings
- CVE-2023-27316Oct 12, 2023risk 0.00cvss —epss 0.00
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
- CVE-2023-27313Oct 12, 2023risk 0.00cvss —epss 0.00
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.
- CVE-2023-1096May 12, 2023risk 0.00cvss —epss 0.01
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.
- CVE-2022-38732Sep 29, 2022risk 0.00cvss —epss 0.01
SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.
- CVE-2022-23234Mar 16, 2022risk 0.00cvss —epss 0.00
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.
- CVE-2018-5482Mar 4, 2019risk 0.00cvss —epss 0.01
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.
- CVE-2017-15515Mar 4, 2019risk 0.00cvss —epss 0.01
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.
- CVE-2007-2379Apr 30, 2007risk 0.00cvss —epss 0.03
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the…
Page 2 of 2