Vendor CVEs

NetApp

362 total · sorted by risk
  • CVE-2021-26988 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM)…

  • CVE-2020-8590 · Feb 8, 2021
    risk 0.00 · cvss · epss 0.00

    Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the -remove-private-data parameter is set to true.

  • CVE-2020-8578 · Feb 8, 2021
    risk 0.00 · cvss · epss 0.00

    Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the -remove-private-data parameter is set to true.

  • CVE-2020-8587 · Feb 8, 2021
    risk 0.00 · cvss · epss 0.00

    OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.

  • CVE-2020-8589 · Feb 3, 2021
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.

  • CVE-2020-8588 · Feb 3, 2021
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).

  • CVE-2020-8585 · Jan 28, 2021
    risk 0.00 · cvss · epss 0.00

    OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).

  • CVE-2020-8581 · Jan 19, 2021
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.

  • CVE-2020-8582 · Nov 13, 2020
    risk 0.00 · cvss · epss 0.01

    Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.

  • CVE-2020-8583 · Nov 13, 2020
    risk 0.00 · cvss · epss 0.01

    Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.

  • CVE-2020-8577 · Nov 6, 2020
    risk 0.00 · cvss · epss 0.01

    SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.

  • CVE-2020-8580 · Nov 6, 2020
    risk 0.00 · cvss · epss 0.01

    SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS).

  • CVE-2020-8579 · Oct 27, 2020
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).

  • CVE-2020-8576 · Sep 2, 2020
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.

  • CVE-2020-8574 · Aug 3, 2020
    risk 0.00 · cvss · epss 0.00

    Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.

  • CVE-2020-8575 · Aug 3, 2020
    risk 0.00 · cvss · epss 0.00

    Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).

  • CVE-2020-8573 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC…

  • CVE-2020-8572 · May 21, 2020
    risk 0.00 · cvss · epss 0.01

    Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.

  • CVE-2019-5500 · May 11, 2020
    risk 0.00 · cvss · epss 0.02

    Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS).

  • CVE-2019-17276 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.

  • CVE-2020-8571 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.02

    StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS).

  • CVE-2019-17275 · Feb 26, 2020
    risk 0.00 · cvss · epss 0.03

    OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.

  • CVE-2019-17274 · Feb 26, 2020
    risk 0.00 · cvss · epss 0.01

    NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.

  • CVE-2016-5710 · Feb 10, 2020
    risk 0.00 · cvss · epss 0.01

    NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.

  • CVE-2013-3322 · Jan 31, 2020
    risk 0.00 · cvss · epss 0.04

    NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.

  • CVE-2019-17273 · Jan 30, 2020
    risk 0.00 · cvss · epss 0.01

    E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments.

  • CVE-2013-3321 · Jan 29, 2020
    risk 0.00 · cvss · epss 0.02

    NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.

  • CVE-2019-17272 · Nov 21, 2019
    risk 0.00 · cvss · epss 0.01

    All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges.

  • CVE-2019-5509 · Nov 21, 2019
    risk 0.00 · cvss · epss 0.02

    ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.

  • CVE-2019-11179 · Nov 14, 2019
    risk 0.00 · cvss · epss 0.01

    Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access.

  • CVE-2019-11178 · Nov 14, 2019
    risk 0.00 · cvss · epss 0.01

    Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access.

  • CVE-2019-11173 · Nov 14, 2019
    risk 0.00 · cvss · epss 0.00

    Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access.

  • CVE-2019-11168 · Nov 14, 2019
    risk 0.00 · cvss · epss 0.01

    Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

  • CVE-2019-5508 · Oct 25, 2019
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).

  • CVE-2019-5507 · Oct 9, 2019
    risk 0.00 · cvss · epss 0.00

    SnapManager for Oracle prior to version 3.4.2P1 is susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.

  • CVE-2019-5506 · Oct 9, 2019
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.

  • CVE-2019-5505 · Sep 24, 2019
    risk 0.00 · cvss · epss 0.01

    ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.

  • CVE-2019-5504 · Sep 24, 2019
    risk 0.00 · cvss · epss 0.02

    ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions.

  • CVE-2019-5503 · Sep 10, 2019
    risk 0.00 · cvss · epss 0.01

    OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

  • CVE-2019-5502 · Aug 5, 2019
    risk 0.00 · cvss · epss 0.01

    SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.

  • CVE-2019-5501 · Aug 2, 2019
    risk 0.00 · cvss · epss 0.02

    Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.

  • CVE-2019-5493 · Aug 2, 2019
    risk 0.00 · cvss · epss 0.01

    Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.

  • CVE-2019-5497 · Jul 1, 2019
    risk 0.00 · cvss · epss 0.03

    NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.

  • CVE-2019-5496 · May 10, 2019
    risk 0.00 · cvss · epss 0.01

    OnCommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

  • CVE-2019-5495 · May 10, 2019
    risk 0.00 · cvss · epss 0.01

    OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

  • CVE-2019-5494 · May 10, 2019
    risk 0.00 · cvss · epss 0.01

    OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

  • CVE-2019-5492 · Apr 29, 2019
    risk 0.00 · cvss · epss 0.02

    Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.

  • CVE-2019-5490 · Mar 21, 2019
    risk 0.00 · cvss · epss 0.03

    Certain versions between 2.x and 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should…

  • CVE-2018-5482 · Mar 4, 2019
    risk 0.00 · cvss · epss 0.01

    NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.

  • CVE-2017-15515 · Mar 4, 2019
    risk 0.00 · cvss · epss 0.01

    NetApp SnapCenter Server prior to 4.0 is susceptible to a cross-site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.

Page 7 of 8