Vulnerabilities > Netapp > Oncommand Workflow Automation > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-26 CVE-2021-3859 Information Exposure Through Process Environment vulnerability in multiple products
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2.
network
low complexity
redhat netapp CWE-214
7.5
2022-06-02 CVE-2022-27778 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
network
low complexity
haxx netapp oracle splunk CWE-706
8.1
2022-04-19 CVE-2022-21449 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
network
low complexity
oracle debian netapp azul
7.5
2022-03-25 CVE-2018-25032 Out-of-bounds Write vulnerability in multiple products
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5
2022-02-24 CVE-2022-21824 Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__".
network
low complexity
nodejs oracle debian netapp
8.2
2022-02-04 CVE-2022-23913 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
network
low complexity
apache netapp CWE-770
7.5
2022-01-06 CVE-2021-46143 Integer Overflow or Wraparound vulnerability in multiple products
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
7.8
2022-01-01 CVE-2021-45960 Incorrect Calculation vulnerability in multiple products
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
8.8
2021-09-29 CVE-2021-22946 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl).
7.5