Vulnerabilities > Netapp > Oncommand Balance > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-02-06 CVE-2017-15095 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian redhat netapp oracle CWE-502
critical
9.8
2018-02-06 CVE-2017-7525 Incomplete Blacklist vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian netapp redhat oracle CWE-184
critical
9.8
2017-10-19 CVE-2017-10285 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
low complexity
oracle debian redhat netapp
critical
9.6
2017-10-16 CVE-2016-4461 Improper Input Validation vulnerability in multiple products
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
network
low complexity
apache netapp CWE-20
critical
9.0
2017-08-08 CVE-2017-10087 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle debian redhat netapp
critical
9.6
2017-08-08 CVE-2017-10090 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle debian netapp redhat
critical
9.6
2017-08-08 CVE-2017-10096 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP).
network
low complexity
oracle debian redhat netapp
critical
9.6
2017-08-08 CVE-2017-10101 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP).
network
low complexity
oracle debian redhat netapp
critical
9.6
2017-08-08 CVE-2017-10102 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
high complexity
oracle debian phoenixcontact netapp redhat
critical
9.0
2017-08-08 CVE-2017-10107 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
low complexity
oracle debian redhat netapp
critical
9.6