Vulnerabilities > Netapp > Clustered Data Ontap > 9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-30 | CVE-2023-27538 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. | 5.5 |
| 2023-02-23 | CVE-2023-23914 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. | 9.1 |
| 2023-02-23 | CVE-2023-23915 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. | 6.5 |
| 2021-10-19 | CVE-2021-27001 | Unspecified vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. | 5.5 |
| 2021-10-12 | CVE-2021-27003 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. | 4.7 |
| 2021-06-04 | CVE-2021-26994 | Unspecified vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node. | 6.5 |
| 2021-02-08 | CVE-2020-8590 | Unspecified vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. | 3.3 |
| 2021-02-08 | CVE-2020-8578 | Unspecified vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. | 3.3 |
| 2021-02-03 | CVE-2020-8589 | Unspecified vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. low complexity netapp | 3.5 |
| 2021-02-03 | CVE-2020-8588 | Unspecified vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). low complexity netapp | 3.5 |