Clustered Data Ontap
by NetApp
CVEs (78)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27005 | 0.00 | — | 0.01 | Nov 1, 2021 | Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. | |||
| CVE-2021-27001 | 0.00 | — | 0.00 | Oct 19, 2021 | Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. | |||
| CVE-2021-27003 | 0.00 | — | 0.01 | Oct 12, 2021 | Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. | |||
| CVE-2021-26994 | 0.00 | — | 0.01 | Jun 4, 2021 | Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node. | |||
| CVE-2021-26989 | 0.00 | — | 0.01 | Mar 4, 2021 | Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access. | |||
| CVE-2021-26988 | 0.00 | — | 0.00 | Mar 4, 2021 | Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM)… | |||
| CVE-2020-8590 | 0.00 | — | 0.00 | Feb 8, 2021 | Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. | |||
| CVE-2020-8578 | 0.00 | — | 0.00 | Feb 8, 2021 | Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. | |||
| CVE-2020-8589 | 0.00 | — | 0.01 | Feb 3, 2021 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. | |||
| CVE-2020-8588 | 0.00 | — | 0.01 | Feb 3, 2021 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). | |||
| CVE-2020-8581 | 0.00 | — | 0.01 | Jan 19, 2021 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. | |||
| CVE-2020-8579 | 0.00 | — | 0.01 | Oct 27, 2020 | Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS). | |||
| CVE-2020-8576 | 0.00 | — | 0.01 | Sep 2, 2020 | Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. | |||
| CVE-2019-5508 | 0.00 | — | 0.01 | Oct 25, 2019 | Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). | |||
| CVE-2019-5506 | 0.00 | — | 0.01 | Oct 9, 2019 | Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. | |||
| CVE-2019-5491 | 0.00 | — | 0.02 | Feb 27, 2019 | Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. | |||
| CVE-2018-5498 | 0.00 | — | 0.01 | Feb 1, 2019 | Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a… | |||
| CVE-2018-5497 | 0.00 | — | 0.00 | Jan 24, 2019 | Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. |
- CVE-2021-27005Nov 1, 2021risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server.
- CVE-2021-27001Oct 19, 2021risk 0.00cvss —epss 0.00
Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.
- CVE-2021-27003Oct 12, 2021risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.
- CVE-2021-26994Jun 4, 2021risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node.
- CVE-2021-26989Mar 4, 2021risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.
- CVE-2021-26988Mar 4, 2021risk 0.00cvss —epss 0.00
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM)…
- CVE-2020-8590Feb 8, 2021risk 0.00cvss —epss 0.00
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
- CVE-2020-8578Feb 8, 2021risk 0.00cvss —epss 0.00
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
- CVE-2020-8589Feb 3, 2021risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
- CVE-2020-8588Feb 3, 2021risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).
- CVE-2020-8581Jan 19, 2021risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.
- CVE-2020-8579Oct 27, 2020risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).
- CVE-2020-8576Sep 2, 2020risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.
- CVE-2019-5508Oct 25, 2019risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).
- CVE-2019-5506Oct 9, 2019risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.
- CVE-2019-5491Feb 27, 2019risk 0.00cvss —epss 0.02
Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user.
- CVE-2018-5498Feb 1, 2019risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a…
- CVE-2018-5497Jan 24, 2019risk 0.00cvss —epss 0.00
Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
Page 4 of 4