Vulnerabilities > Netapp > Oncommand Insight > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-27778 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
network
low complexity
haxx netapp oracle splunk CWE-706
8.1
2022-04-22 CVE-2021-38886 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
8.8
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5
2022-02-24 CVE-2022-21824 Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__".
network
low complexity
nodejs oracle debian netapp
8.2
2021-12-09 CVE-2021-29678 Incorrect Authorization vulnerability in multiple products
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files.
network
low complexity
ibm netapp CWE-863
8.7
2021-12-09 CVE-2021-39002 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm netapp CWE-327
7.5
2021-12-03 CVE-2021-20470 Weak Password Requirements vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm netapp CWE-521
7.5
2021-12-03 CVE-2021-29756 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
8.8
2021-10-20 CVE-2021-35560 Vulnerability in the Java SE product of Oracle Java SE (component: Deployment).
network
high complexity
oracle netapp
7.5
2021-10-20 CVE-2021-35583 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows).
network
low complexity
oracle netapp
7.5