Vulnerabilities > Netapp > Oncommand Unified Manager > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-17 CVE-2018-3155 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser).
network
low complexity
oracle netapp canonical
7.7
2018-07-18 CVE-2018-2964 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
network
high complexity
oracle netapp
8.3
2018-07-18 CVE-2018-2942 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL).
network
high complexity
oracle netapp
8.3
2018-07-18 CVE-2018-2941 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).
network
high complexity
oracle netapp
8.3
2018-06-22 CVE-2018-12538 Session Fixation vulnerability in multiple products
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
network
low complexity
eclipse netapp CWE-384
8.8
2018-05-24 CVE-2018-5485 Unspecified vulnerability in Netapp Oncommand Unified Manager 7.2/7.3
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.
local
low complexity
netapp
7.8
2018-05-11 CVE-2018-1258 Incorrect Authorization vulnerability in multiple products
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security.
8.8
2018-04-25 CVE-2018-5486 Missing Authentication for Critical Function vulnerability in Netapp Oncommand Unified Manager 7.2/7.3
NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code.
local
low complexity
netapp CWE-306
7.8
2018-04-19 CVE-2018-2826 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle canonical netapp
8.3
2018-04-19 CVE-2018-2825 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle canonical netapp
8.3