Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Total 2315 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15707 3 Apache, Netapp, Oracle 12 Struts, Oncommand Balance, Agile Plm Framework and 9 more 2024-11-21 5.0 MEDIUM 6.2 MEDIUM
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
CVE-2017-15519 1 Netapp 1 Snapcenter Server 2024-11-21 6.4 MEDIUM 7.2 HIGH
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation.
CVE-2017-15518 1 Netapp 2 Oncommand Api Services, Service Level Manager 2024-11-21 2.1 LOW 7.8 HIGH
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.
CVE-2017-15517 1 Netapp 1 Altavault Ost Plug-in 2024-11-21 2.1 LOW 5.5 MEDIUM
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution.
CVE-2017-15516 1 Netapp 1 Snapcenter Server 2024-11-21 6.8 MEDIUM 8.8 HIGH
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.
CVE-2017-15515 1 Netapp 1 Snapcenter Server 2024-11-21 3.5 LOW 4.8 MEDIUM
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.
CVE-2017-15095 5 Debian, Fasterxml, Netapp and 2 more 25 Debian Linux, Jackson-databind, Oncommand Balance and 22 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
CVE-2017-14583 1 Netapp 1 Clustered Data Ontap 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.
CVE-2017-14053 1 Netapp 1 Oncommand Unified Manager For Clustered Data Ontap 2024-11-21 5.0 MEDIUM 7.5 HIGH
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
CVE-2017-13652 1 Netapp 1 Oncommand Insight 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface.
CVE-2017-12859 1 Netapp 1 Data Ontap 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2017-12652 2 Libpng, Netapp 2 Libpng, Active Iq Unified Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
CVE-2017-12617 6 Apache, Canonical, Debian and 3 more 58 Tomcat, Ubuntu Linux, Debian Linux and 55 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12615 4 Apache, Microsoft, Netapp and 1 more 23 Tomcat, Windows, 7-mode Transition Tool and 20 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12423 1 Netapp 1 Clustered Data Ontap 2024-11-21 4.0 MEDIUM 7.7 HIGH
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors.
CVE-2017-12422 1 Netapp 1 Storagegrid Webscale 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors.
CVE-2017-12421 1 Netapp 1 Clustered Data Ontap 2024-11-21 6.5 MEDIUM 8.8 HIGH
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.
CVE-2017-12420 1 Netapp 1 Clustered Data Ontap 2024-11-21 6.5 MEDIUM 8.8 HIGH
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.
CVE-2017-11461 1 Netapp 1 Oncommand Unified Manager 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface.
CVE-2017-11147 2 Netapp, Php 2 Clustered Data Ontap, Php 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.