Vulnerabilities > Netapp > E Series Performance Analyzer > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-08 CVE-2022-21713 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana netapp fedoraproject CWE-639
4.3
2022-02-08 CVE-2022-21702 Cross-site Scripting vulnerability in multiple products
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana netapp fedoraproject CWE-79
5.4
2021-05-25 CVE-2021-32640 Resource Exhaustion vulnerability in multiple products
ws is an open source WebSocket client and server library for Node.js.
network
low complexity
ws-project netapp CWE-400
5.3
2021-04-01 CVE-2021-28164 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory.
network
low complexity
eclipse netapp oracle
5.3
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-03-19 CVE-2021-21267 Resource Exhaustion vulnerability in multiple products
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector).
network
low complexity
schema-inspector-project netapp CWE-400
5.0
2021-03-18 CVE-2021-27358 The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
network
low complexity
grafana netapp
5.0
2020-10-21 CVE-2020-14782 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 4.3
2020-07-27 CVE-2020-11110 Cross-site Scripting vulnerability in multiple products
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
network
low complexity
grafana netapp CWE-79
5.4
2020-07-15 CVE-2020-14621 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). 5.3