Vulnerabilities > Netapp > Oncommand Workflow Automation

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-2941 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).
network
high complexity
oracle netapp
8.3
2018-07-18 CVE-2018-2940 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle hp redhat netapp
4.3
2018-07-18 CVE-2018-2938 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB).
network
high complexity
oracle netapp
critical
9.0
2018-07-18 CVE-2018-2767 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).
network
high complexity
oracle debian canonical redhat mariadb netapp
3.1
2018-07-09 CVE-2018-1000613 Unsafe Reflection vulnerability in multiple products
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.
network
low complexity
bouncycastle netapp opensuse oracle CWE-470
critical
9.8
2018-06-07 CVE-2018-12015 Link Following vulnerability in multiple products
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
network
low complexity
canonical debian perl archive apple netapp CWE-59
7.5
2018-06-05 CVE-2018-1000180 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected.
network
low complexity
bouncycastle debian oracle netapp redhat CWE-327
7.5
2018-05-16 CVE-2018-11212 Divide By Zero vulnerability in multiple products
An issue was discovered in libjpeg 9a and 9d.
6.5
2018-05-16 CVE-2018-8014 Insecure Default Initialization of Resource vulnerability in multiple products
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins.
network
low complexity
apache canonical debian netapp CWE-1188
critical
9.8
2018-05-11 CVE-2018-1258 Incorrect Authorization vulnerability in multiple products
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security.
8.8