Vulnerabilities > Netapp > Oncommand System Manager > 2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-31 | CVE-2013-3322 | OS Command Injection vulnerability in Netapp Oncommand System Manager 2.0.2/2.1 NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | 7.2 |
| 2020-01-29 | CVE-2013-3321 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Netapp Oncommand System Manager 2.0.2/2.1 NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. | 7.5 |
| 2020-01-29 | CVE-2013-3320 | Cross-site Scripting vulnerability in Netapp Oncommand System Manager 2.0.2/2.1 Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. | 6.1 |
| 2017-02-07 | CVE-2016-3063 | Improper Encoding or Escaping of Output vulnerability in Netapp Oncommand System Manager Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | 7.5 |