Vulnerabilities > Netapp > Active IQ Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2023-03-16 CVE-2023-28487 Improper Encoding or Escaping of Output vulnerability in multiple products
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
network
low complexity
sudo-project netapp CWE-116
5.3
2023-02-28 CVE-2022-23239 Cross-site Scripting vulnerability in Netapp Active IQ Unified Manager
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.
network
low complexity
netapp CWE-79
4.8
2023-02-28 CVE-2022-23240 Unspecified vulnerability in Netapp Active IQ Unified Manager
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.
network
low complexity
netapp
6.5
2023-02-23 CVE-2023-23914 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially.
network
low complexity
haxx netapp splunk CWE-319
critical
9.1
2023-02-23 CVE-2023-23915 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel.
network
low complexity
haxx netapp splunk CWE-319
6.5
2023-02-17 CVE-2023-0482 Creation of Temporary File With Insecure Permissions vulnerability in multiple products
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
local
low complexity
redhat netapp CWE-378
5.5
2023-02-17 CVE-2023-24329 Improper Input Validation vulnerability in multiple products
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
network
low complexity
python fedoraproject netapp CWE-20
7.5
2023-02-15 CVE-2023-0361 Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.
network
high complexity
gnu redhat debian fedoraproject netapp CWE-203
7.4
2022-12-23 CVE-2022-43551 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP.
network
low complexity
haxx fedoraproject netapp splunk CWE-319
7.5
2022-11-23 CVE-2022-40304 Double Free vulnerability in multiple products
An issue was discovered in libxml2 before 2.10.3.
local
low complexity
xmlsoft netapp apple CWE-415
7.8