Vulnerabilities > Netapp > Oncommand Unified Manager > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-17 | CVE-2018-3155 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). | 7.7 |
2018-07-18 | CVE-2018-2964 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). | 8.3 |
2018-07-18 | CVE-2018-2942 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). | 8.3 |
2018-07-18 | CVE-2018-2941 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). | 8.3 |
2018-06-22 | CVE-2018-12538 | Session Fixation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | 8.8 |
2018-05-24 | CVE-2018-5485 | Unspecified vulnerability in Netapp Oncommand Unified Manager 7.2/7.3 NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack. | 7.8 |
2018-05-11 | CVE-2018-1258 | Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. | 8.8 |
2018-04-25 | CVE-2018-5486 | Missing Authentication for Critical Function vulnerability in Netapp Oncommand Unified Manager 7.2/7.3 NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code. | 7.8 |
2018-04-19 | CVE-2018-2826 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). | 8.3 |
2018-04-19 | CVE-2018-2825 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). | 8.3 |