Vulnerabilities > Netapp > Oncommand Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-2940 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle hp redhat netapp
4.3
2018-07-18 CVE-2018-2938 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB).
network
oracle netapp
6.8
2018-06-26 CVE-2017-7657 HTTP Request Smuggling vulnerability in multiple products
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly.
network
low complexity
eclipse debian netapp hp oracle CWE-444
critical
9.8
2018-06-22 CVE-2018-12538 Session Fixation vulnerability in multiple products
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
network
low complexity
eclipse netapp CWE-384
8.8
2018-06-22 CVE-2017-7568 Information Exposure vulnerability in Netapp Oncommand Unified Manager 5.1/5.2.1/5.2.2
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.
network
netapp CWE-200
3.5
2018-05-24 CVE-2018-5487 Improper Input Validation vulnerability in Netapp Oncommand Unified Manager
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.
network
low complexity
netapp linux CWE-20
7.5
2018-05-24 CVE-2018-5485 Unspecified vulnerability in Netapp Oncommand Unified Manager
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.
local
low complexity
netapp microsoft
4.6
2018-05-16 CVE-2018-11212 Divide By Zero vulnerability in multiple products
An issue was discovered in libjpeg 9a and 9d.
4.3
2018-05-16 CVE-2018-8014 Insecure Default Initialization of Resource vulnerability in multiple products
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins.
network
low complexity
apache canonical debian netapp CWE-1188
critical
9.8
2018-05-11 CVE-2018-1258 Incorrect Authorization vulnerability in multiple products
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security.
6.5