Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-02 CVE-2020-10771 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests.
5.8
2021-06-02 CVE-2020-14326 A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes.
network
low complexity
redhat netapp
5.0
2021-06-01 CVE-2019-4471 Missing Encryption of Sensitive Data vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session.
network
low complexity
ibm netapp CWE-311
4.0
2021-06-01 CVE-2019-4722 Improper Handling of Exceptional Conditions vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions.
network
low complexity
ibm netapp CWE-755
4.0
2021-06-01 CVE-2019-4723 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page.
network
low complexity
ibm netapp CWE-522
5.0
2021-06-01 CVE-2019-4724 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page.
network
low complexity
ibm netapp CWE-522
5.0
2021-06-01 CVE-2019-4730 XXE vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
5.5
2021-06-01 CVE-2020-4300 XXE vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
6.4
2021-06-01 CVE-2020-4520 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code.
network
ibm netapp CWE-79
6.8
2021-05-27 CVE-2020-14301 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An information disclosure vulnerability was found in libvirt in versions before 6.3.0.
network
low complexity
redhat netapp CWE-212
4.0