Vulnerabilities > Netapp > Oncommand Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-2973 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE).
network
high complexity
oracle redhat netapp hp
5.9
2018-07-18 CVE-2018-2964 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
network
high complexity
oracle netapp
8.3
2018-07-18 CVE-2018-2952 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency).
network
high complexity
oracle debian canonical hp redhat netapp
3.7
2018-07-18 CVE-2018-2942 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL).
network
high complexity
oracle netapp
8.3
2018-07-18 CVE-2018-2941 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).
network
high complexity
oracle netapp
8.3
2018-07-18 CVE-2018-2940 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle hp redhat netapp
4.3
2018-07-18 CVE-2018-2938 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB).
network
high complexity
oracle netapp
critical
9.0
2018-06-26 CVE-2017-7657 HTTP Request Smuggling vulnerability in multiple products
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly.
network
low complexity
eclipse debian netapp hp oracle CWE-444
critical
9.8
2018-06-22 CVE-2018-12538 Session Fixation vulnerability in multiple products
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
network
low complexity
eclipse netapp CWE-384
8.8
2018-06-22 CVE-2017-7568 Information Exposure vulnerability in Netapp Oncommand Unified Manager 5.1/5.2.1/5.2.2
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.
network
high complexity
netapp CWE-200
5.3