Vulnerabilities > Netapp > Oncommand Insight > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-01 CVE-2021-39009 Cleartext Storage of Sensitive Information vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in clear text, which can be read by a local privileged user.
local
low complexity
ibm netapp CWE-312
5.5
2022-09-01 CVE-2021-39045 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields.
local
low complexity
ibm netapp CWE-522
5.5
2022-07-20 CVE-2022-31160 jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery.
network
low complexity
jqueryui netapp drupal fedoraproject debian
6.1
2022-06-24 CVE-2021-29768 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access.
network
low complexity
ibm netapp
6.5
2022-06-24 CVE-2021-39047 Cross-site Scripting vulnerability in multiple products
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
6.1
2022-05-24 CVE-2021-3597 Race Condition vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-362
5.9
2022-05-24 CVE-2021-3629 Resource Exhaustion vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-400
5.9
2022-05-12 CVE-2022-22970 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
network
high complexity
vmware oracle netapp CWE-770
5.3
2022-05-12 CVE-2022-22971 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
network
low complexity
vmware oracle netapp CWE-770
6.5
2022-04-22 CVE-2021-20464 XML Entity Expansion vulnerability in multiple products
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user.
network
low complexity
ibm netapp CWE-776
6.5