Vulnerabilities > Netapp > Oncommand Insight > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-04-22 | CVE-2021-38886 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | | ibm netapp | CWE-352 | 6.8 |
| 2022-04-22 | CVE-2021-38904 | | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. | network | low complexity | ibm netapp | | 6.5 |
| 2022-04-22 | CVE-2021-38905 | | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. | network | low complexity | ibm netapp | | 4.3 |
| 2022-04-22 | CVE-2021-38946 | Cross-site Scripting vulnerability in multiple products | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. | network | low complexity | ibm netapp | CWE-79 | 5.4 |
| 2022-04-19 | CVE-2022-21412 | | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | network | low complexity | oracle netapp | | 4.0 |
| 2022-04-19 | CVE-2022-21413 | | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | network | low complexity | oracle netapp | | 4.0 |
| 2022-04-19 | CVE-2022-21414 | | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | network | low complexity | oracle netapp | | 4.0 |
| 2022-04-19 | CVE-2022-21415 | | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | network | low complexity | oracle netapp | | 4.0 |
| 2022-04-19 | CVE-2022-21417 | | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | network | low complexity | oracle netapp | | 4.0 |
| 2022-04-19 | CVE-2022-21418 | | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | network | | oracle netapp | | 4.9 |