Vulnerabilities > Netapp > Oncommand Insight

DATE CVE VULNERABILITY TITLE RISK
2022-12-20 CVE-2022-38733 Unspecified vulnerability in Netapp Oncommand Insight
OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.
network
low complexity
netapp
8.6
2022-09-01 CVE-2022-2764 A flaw was found in Undertow.
network
low complexity
redhat netapp
4.9
2022-09-01 CVE-2020-4301 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
6.5
2022-09-01 CVE-2021-20468 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
6.5
2022-09-01 CVE-2021-29823 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
6.5
2022-09-01 CVE-2021-39009 Cleartext Storage of Sensitive Information vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user.
local
low complexity
ibm netapp CWE-312
5.5
2022-09-01 CVE-2021-39045 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields.
local
low complexity
ibm netapp CWE-522
5.5
2022-09-01 CVE-2022-30614 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request.
network
low complexity
ibm netapp
7.5
2022-09-01 CVE-2022-36773 XXE vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
8.1
2022-08-31 CVE-2022-1259 A flaw was found in Undertow.
network
low complexity
redhat netapp
7.5