VYPR

Oncommand Unified Manager Core Package

by NetApp

CVEs (6)

  • CVE-2017-7439HigMay 26, 2017
    risk 0.49cvss 7.5epss 0.02

    NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.

  • CVE-2017-7236HigMay 26, 2017
    risk 0.49cvss 7.5epss 0.02

    SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-7568MedJun 22, 2018
    risk 0.35cvss 5.3epss 0.01

    NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.

  • CVE-2017-15906MedOct 26, 2017
    risk 0.35cvss 5.3epss 0.03

    The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

  • CVE-2020-8585Jan 28, 2021
    risk 0.00cvss epss 0.00

    OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).

  • CVE-2018-5481Jan 7, 2019
    risk 0.00cvss epss 0.01

    OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.