Oncommand Unified Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-24	CVE-2018-5487	Improper Input Validation vulnerability in Netapp Oncommand Unified Manager 7.2/7.3 NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. network low complexity netapp CWE-20 critical	9.8
2018-05-24	CVE-2018-5485	Unspecified vulnerability in Netapp Oncommand Unified Manager 7.2/7.3 NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack. local low complexity netapp	7.8
2018-05-16	CVE-2018-11212	Divide By Zero vulnerability in multiple products An issue was discovered in libjpeg 9a and 9d. network low complexity ijg debian canonical netapp oracle redhat opensuse CWE-369	6.5
2018-05-16	CVE-2018-8014	Insecure Default Initialization of Resource vulnerability in multiple products The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. network low complexity apache canonical debian netapp CWE-1188 critical	9.8
2018-05-11	CVE-2018-1258	Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. network low complexity pivotal-software vmware oracle netapp redhat CWE-863	8.8
2018-04-25	CVE-2018-5486	Missing Authentication for Critical Function vulnerability in Netapp Oncommand Unified Manager 7.2/7.3 NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code. local low complexity netapp CWE-306	7.8
2018-04-19	CVE-2018-2846	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). network low complexity oracle canonical netapp	4.9
2018-04-19	CVE-2018-2839	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). network low complexity oracle canonical netapp	4.9
2018-04-19	CVE-2018-2826	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). network high complexity oracle canonical netapp	8.3
2018-04-19	CVE-2018-2825	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). network high complexity oracle canonical netapp	8.3