Vulnerabilities > Netapp > Element Plug IN FOR Vcenter Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-15 CVE-2021-34429 For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints.
network
low complexity
eclipse netapp oracle
5.3
2021-04-01 CVE-2021-28164 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory.
network
low complexity
eclipse netapp oracle
5.3
2021-02-26 CVE-2020-27223 Resource Exhaustion vulnerability in multiple products
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e.
network
low complexity
eclipse apache netapp debian oracle CWE-400
5.3
2019-04-29 CVE-2019-5492 Unspecified vulnerability in Netapp products
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker.
network
low complexity
netapp
5.0