Vulnerabilities > Netapp > Oncommand System Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
2018-06-26 | CVE-2017-7658 | HTTP Request Smuggling vulnerability in multiple products In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. | 9.8 |
2018-06-26 | CVE-2017-7657 | HTTP Request Smuggling vulnerability in multiple products In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. | 9.8 |
2018-06-22 | CVE-2018-12538 | Session Fixation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | 8.8 |
2017-07-03 | CVE-2016-5045 | Information Exposure vulnerability in Netapp Oncommand System Manager 8.3/8.3.1/8.3.2 NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | 6.8 |
2017-02-07 | CVE-2016-3063 | Improper Encoding or Escaping of Output vulnerability in Netapp Oncommand System Manager 2.0.2/2.1/2.2 Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | 4.4 |
2016-09-01 | CVE-2016-5047 | Denial of Service vulnerability in Netapp Oncommand System Manager 8.3/8.3.1/8.3.2 NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. | 4.0 |