Vulnerabilities > Netapp > Oncommand Unified Manager > 5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-28 | CVE-2020-8585 | Link Following vulnerability in Netapp Oncommand Unified Manager OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). | 2.1 |
| 2019-01-07 | CVE-2018-5481 | Missing Encryption of Sensitive Data vulnerability in Netapp Oncommand Unified Manager OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. | 5.8 |
| 2018-06-26 | CVE-2017-7657 | HTTP Request Smuggling vulnerability in multiple products In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. | 9.8 |
| 2018-06-22 | CVE-2017-7568 | Information Exposure vulnerability in Netapp Oncommand Unified Manager 5.1/5.2.1/5.2.2 NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. | 3.5 |
| 2017-11-10 | CVE-2017-11461 | Improper Input Validation vulnerability in Netapp Oncommand Unified Manager 5.1 NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface. | 4.3 |