VYPR

OnCommand System Manager

by NetApp

CVEs (10)

  • CVE-2015-8322 | High | Feb 7, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

  • CVE-2016-5045 | High | Jul 3, 2017
    risk 0.53 | cvss 8.1 | epss 0.01

    NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.

  • CVE-2020-11022 | Med | Apr 29, 2020
    risk 0.49 | cvss 6.9 | epss 0.99

    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

  • CVE-2016-3063 | High | Feb 7, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.

  • CVE-2016-5047 | Med | Sep 1, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.

  • CVE-2013-3320 | Jan 29, 2020
    risk 0.03 | cvss | epss 0.02

    Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.

  • CVE-2020-8587 | Feb 8, 2021
    risk 0.00 | cvss | epss 0.00

    OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.

  • CVE-2019-17276 | Mar 24, 2020
    risk 0.00 | cvss | epss 0.01

    OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.

  • CVE-2013-3322 | Jan 31, 2020
    risk 0.00 | cvss | epss 0.04

    NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.

  • CVE-2013-3321 | Jan 29, 2020
    risk 0.00 | cvss | epss 0.02

    NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.