Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-23 CVE-2021-27006 Unspecified vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager.
local
low complexity
netapp
4.4
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-12-16 CVE-2021-42550 Deserialization of Untrusted Data vulnerability in multiple products
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
network
high complexity
qos redhat netapp siemens CWE-502
6.6
2021-12-09 CVE-2021-43797 HTTP Request Smuggling vulnerability in multiple products
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
low complexity
netty quarkus netapp oracle debian CWE-444
6.5
2021-12-09 CVE-2021-38926 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks.
local
low complexity
ibm netapp
5.5
2021-12-09 CVE-2021-38931 Exposure of Resource to Wrong Sphere vulnerability in multiple products
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from.
network
low complexity
ibm netapp CWE-668
6.5
2021-12-03 CVE-2021-20493 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
6.1
2021-12-03 CVE-2021-29716 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view.
network
low complexity
ibm netapp
6.5
2021-12-03 CVE-2021-29719 IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type.
network
low complexity
ibm netapp
5.3
2021-12-03 CVE-2021-29867 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to.
network
low complexity
ibm netapp
5.4