Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-26 CVE-2022-34357 IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to weak or absent rate limiting.
network
low complexity
netapp ibm
6.5
2024-02-26 CVE-2023-30996 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins.
network
low complexity
netapp ibm
5.3
2024-02-26 CVE-2023-32344 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path.
network
low complexity
netapp ibm
4.3
2024-02-26 CVE-2023-38359 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting.
network
low complexity
netapp ibm
6.1
2024-02-26 CVE-2023-43051 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting.
network
low complexity
netapp ibm
5.4
2024-02-16 CVE-2024-21983 Unspecified vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability.
network
low complexity
netapp
6.5
2024-02-16 CVE-2024-21984 Cross-site Scripting vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult-to-exploit Reflected Cross-Site Scripting (XSS) vulnerability.
network
high complexity
netapp CWE-79
6.9
2024-02-16 CVE-2024-21987 Incorrect Authorization vulnerability in Netapp Snapcenter 4.8/4.9
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings.
network
low complexity
netapp CWE-863
5.4
2024-01-12 CVE-2024-21982 Unspecified vulnerability in Netapp Clustered Data Ontap
ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.
network
low complexity
netapp
6.5
2023-12-21 CVE-2023-27319 Information Exposure Through an Error Message vulnerability in Netapp Ontap Mediator
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.
network
low complexity
netapp CWE-209
5.3