Vendor CVEs
NetApp
All CVEs
362 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26988 | 0.00 | — | 0.00 | Mar 4, 2021 | Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM)… | |||
| CVE-2020-8590 | 0.00 | — | 0.00 | Feb 8, 2021 | Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the -remove-private-data parameter is set to true. | |||
| CVE-2020-8578 | 0.00 | — | 0.00 | Feb 8, 2021 | Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the -remove-private-data parameter is set to true. | |||
| CVE-2020-8587 | 0.00 | — | 0.00 | Feb 8, 2021 | OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs. | |||
| CVE-2020-8589 | 0.00 | — | 0.01 | Feb 3, 2021 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. | |||
| CVE-2020-8588 | 0.00 | — | 0.01 | Feb 3, 2021 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). | |||
| CVE-2020-8585 | 0.00 | — | 0.00 | Jan 28, 2021 | OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). | |||
| CVE-2020-8581 | 0.00 | — | 0.01 | Jan 19, 2021 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. | |||
| CVE-2020-8582 | 0.00 | — | 0.01 | Nov 13, 2020 | Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. | |||
| CVE-2020-8583 | 0.00 | — | 0.01 | Nov 13, 2020 | Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | |||
| CVE-2020-8577 | 0.00 | — | 0.01 | Nov 6, 2020 | SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | |||
| CVE-2020-8580 | 0.00 | — | 0.01 | Nov 6, 2020 | SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). | |||
| CVE-2020-8579 | 0.00 | — | 0.01 | Oct 27, 2020 | Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS). | |||
| CVE-2020-8576 | 0.00 | — | 0.01 | Sep 2, 2020 | Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. | |||
| CVE-2020-8574 | 0.00 | — | 0.00 | Aug 3, 2020 | Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users. | |||
| CVE-2020-8575 | 0.00 | — | 0.00 | Aug 3, 2020 | Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). | |||
| CVE-2020-8573 | 0.00 | — | 0.01 | Jun 29, 2020 | The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC… | |||
| CVE-2020-8572 | 0.00 | — | 0.01 | May 21, 2020 | Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. | |||
| CVE-2019-5500 | 0.00 | — | 0.02 | May 11, 2020 | Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS). | |||
| CVE-2019-17276 | 0.00 | — | 0.01 | Mar 24, 2020 | OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. | |||
| CVE-2020-8571 | 0.00 | — | 0.02 | Mar 13, 2020 | StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). | |||
| CVE-2019-17275 | 0.00 | — | 0.03 | Feb 26, 2020 | OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers. | |||
| CVE-2019-17274 | 0.00 | — | 0.01 | Feb 26, 2020 | NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access. | |||
| CVE-2016-5710 | 0.00 | — | 0.01 | Feb 10, 2020 | NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2013-3322 | 0.00 | — | 0.04 | Jan 31, 2020 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | |||
| CVE-2019-17273 | 0.00 | — | 0.01 | Jan 30, 2020 | E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments. | |||
| CVE-2013-3321 | 0.00 | — | 0.02 | Jan 29, 2020 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. | |||
| CVE-2019-17272 | 0.00 | — | 0.01 | Nov 21, 2019 | All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges. | |||
| CVE-2019-5509 | 0.00 | — | 0.02 | Nov 21, 2019 | ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. | |||
| CVE-2019-11179 | 0.00 | — | 0.01 | Nov 14, 2019 | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. | |||
| CVE-2019-11178 | 0.00 | — | 0.01 | Nov 14, 2019 | Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access. | |||
| CVE-2019-11173 | 0.00 | — | 0.00 | Nov 14, 2019 | Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access. | |||
| CVE-2019-11168 | 0.00 | — | 0.01 | Nov 14, 2019 | Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | |||
| CVE-2019-5508 | 0.00 | — | 0.01 | Oct 25, 2019 | Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). | |||
| CVE-2019-5507 | 0.00 | — | 0.00 | Oct 9, 2019 | SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. | |||
| CVE-2019-5506 | 0.00 | — | 0.01 | Oct 9, 2019 | Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. | |||
| CVE-2019-5505 | 0.00 | — | 0.01 | Sep 24, 2019 | ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. | |||
| CVE-2019-5504 | 0.00 | — | 0.02 | Sep 24, 2019 | ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | |||
| CVE-2019-5503 | 0.00 | — | 0.01 | Sep 10, 2019 | OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||
| CVE-2019-5502 | 0.00 | — | 0.01 | Aug 5, 2019 | SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data. | |||
| CVE-2019-5501 | 0.00 | — | 0.02 | Aug 2, 2019 | Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers. | |||
| CVE-2019-5493 | 0.00 | — | 0.01 | Aug 2, 2019 | Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled. | |||
| CVE-2019-5497 | 0.00 | — | 0.03 | Jul 1, 2019 | NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. | |||
| CVE-2019-5496 | 0.00 | — | 0.01 | May 10, 2019 | OnCommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||
| CVE-2019-5495 | 0.00 | — | 0.01 | May 10, 2019 | OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||
| CVE-2019-5494 | 0.00 | — | 0.01 | May 10, 2019 | OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||
| CVE-2019-5492 | 0.00 | — | 0.02 | Apr 29, 2019 | Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server. | |||
| CVE-2019-5490 | 0.00 | — | 0.03 | Mar 21, 2019 | Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should… | |||
| CVE-2018-5482 | 0.00 | — | 0.01 | Mar 4, 2019 | NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel. | |||
| CVE-2017-15515 | 0.00 | — | 0.01 | Mar 4, 2019 | NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. |