Vulnerabilities > Netapp > Oncommand Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2019-01-16 CVE-2019-2449 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
network
high complexity
oracle redhat netapp
2.6
2019-01-16 CVE-2019-2436 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
network
low complexity
oracle netapp redhat
5.5
2019-01-16 CVE-2019-2434 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser).
network
low complexity
oracle canonical netapp redhat
6.5
2019-01-16 CVE-2019-2426 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle netapp opensuse hp
3.7
2019-01-16 CVE-2019-2422 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle canonical netapp redhat debian opensuse hp
3.1
2019-01-16 CVE-2019-2420 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
network
low complexity
oracle canonical netapp redhat
4.9
2019-01-07 CVE-2018-5481 Missing Encryption of Sensitive Data vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.
network
netapp CWE-311
5.8
2018-10-30 CVE-2018-0734 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
2018-10-29 CVE-2018-0735 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
2018-10-17 CVE-2018-10933 Improper Authentication vulnerability in multiple products
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4.
network
low complexity
libssh canonical debian redhat netapp oracle CWE-287
6.4