Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2017-7345 Information Exposure vulnerability in Netapp Clustered Data Ontap 7.1
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-200
5.3
2017-03-15 CVE-2016-7103 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
6.1
2017-02-07 CVE-2016-6495 Information Exposure vulnerability in Netapp Data Ontap
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
network
high complexity
netapp CWE-200
5.9
2017-02-07 CVE-2016-5372 Cross-Site Request Forgery (CSRF) vulnerability in Netapp Snap Creator Framework
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
network
low complexity
netapp CWE-352
6.3
2017-01-30 CVE-2016-2518 Out-of-bounds Read vulnerability in multiple products
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
network
low complexity
ntp debian netapp oracle redhat freebsd siemens CWE-125
5.3
2017-01-30 CVE-2015-7977 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
5.9
2017-01-30 CVE-2015-7973 7PK - Security Features vulnerability in multiple products
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
network
high complexity
ntp siemens freebsd netapp canonical CWE-254
6.5
2016-12-05 CVE-2016-7171 Improper Certificate Validation vulnerability in Netapp Plug-In 2.0
NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.
network
high complexity
netapp CWE-295
5.6
2016-09-01 CVE-2016-5047 Unspecified vulnerability in Netapp Oncommand System Manager 8.3/8.3.1/8.3.2
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.
network
low complexity
netapp
6.5
2016-09-01 CVE-2016-3064 Information Exposure vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.
network
low complexity
netapp CWE-200
6.5