Vulnerabilities > Netapp > Oncommand Insight

DATE CVE VULNERABILITY TITLE RISK
2022-04-19 CVE-2022-21496 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI).
network
low complexity
oracle netapp debian azul
5.3
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5
2022-02-24 CVE-2022-21824 Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__".
network
low complexity
nodejs oracle debian netapp
8.2
2022-01-26 CVE-2021-22570 NULL Pointer Dereference vulnerability in multiple products
Nullptr dereference when a null char is present in a proto symbol.
5.5
2021-12-10 CVE-2021-44228 Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 10.0
2021-12-09 CVE-2021-29678 Incorrect Authorization vulnerability in multiple products
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files.
network
low complexity
ibm netapp CWE-863
8.7
2021-12-09 CVE-2021-38926 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks.
local
low complexity
ibm netapp
5.5
2021-12-09 CVE-2021-38931 Exposure of Resource to Wrong Sphere vulnerability in multiple products
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from.
network
low complexity
ibm netapp CWE-668
6.5
2021-12-09 CVE-2021-39002 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm netapp CWE-327
7.5
2021-12-03 CVE-2021-20470 Weak Password Requirements vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm netapp CWE-521
7.5