VYPR

Snapcenter

by NetApp

CVEs (32)

  • CVE-2017-10365LowOct 19, 2017
    risk 0.25cvss 3.8epss 0.02

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise…

  • CVE-2025-26512Mar 24, 2025
    risk 0.00cvss epss 0.01

    SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.

  • CVE-2024-21993Jul 9, 2024
    risk 0.00cvss epss 0.00

    SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials.

  • CVE-2024-21987Feb 16, 2024
    risk 0.00cvss epss 0.00

    SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings

  • CVE-2023-27316Oct 12, 2023
    risk 0.00cvss epss 0.00

    SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.

  • CVE-2023-27313Oct 12, 2023
    risk 0.00cvss epss 0.00

    SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.

  • CVE-2023-1096May 12, 2023
    risk 0.00cvss epss 0.01

    SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.

  • CVE-2022-38732Sep 29, 2022
    risk 0.00cvss epss 0.01

    SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.

  • CVE-2022-23234Mar 16, 2022
    risk 0.00cvss epss 0.00

    SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.

  • CVE-2018-5482Mar 4, 2019
    risk 0.00cvss epss 0.01

    NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.

  • CVE-2017-15515Mar 4, 2019
    risk 0.00cvss epss 0.01

    NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.

  • CVE-2007-2379Apr 30, 2007
    risk 0.00cvss epss 0.03

    The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the…

Page 2 of 2