Vulnerabilities > Netapp > Oncommand Insight

DATE CVE VULNERABILITY TITLE RISK
2021-12-03 CVE-2021-20493 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
6.1
2021-12-03 CVE-2021-29716 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view.
network
low complexity
ibm netapp
6.5
2021-12-03 CVE-2021-29719 IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type.
network
low complexity
ibm netapp
5.3
2021-12-03 CVE-2021-29756 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
8.8
2021-12-03 CVE-2021-29867 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to.
network
low complexity
ibm netapp
5.4
2021-12-03 CVE-2021-38909 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4
2021-10-20 CVE-2021-35590 Out-of-bounds Write vulnerability in multiple products
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
high complexity
oracle netapp CWE-787
6.3
2021-10-20 CVE-2021-35592 Improper Validation of Array Index vulnerability in multiple products
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
high complexity
oracle netapp CWE-129
6.3
2021-10-20 CVE-2021-35593 Out-of-bounds Write vulnerability in multiple products
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
high complexity
oracle netapp CWE-787
6.3
2021-10-20 CVE-2021-35594 Improper Validation of Array Index vulnerability in multiple products
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).
high complexity
oracle netapp CWE-129
6.3