Vulnerabilities > Netapp > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-02 | CVE-2020-10771 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. | 5.8 |
2021-06-02 | CVE-2020-14326 | A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. | 5.0 |
2021-06-01 | CVE-2019-4471 | Missing Encryption of Sensitive Data vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. | 4.0 |
2021-06-01 | CVE-2019-4722 | Improper Handling of Exceptional Conditions vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. | 4.0 |
2021-06-01 | CVE-2019-4723 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. | 5.0 |
2021-06-01 | CVE-2019-4724 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. | 5.0 |
2021-06-01 | CVE-2019-4730 | XXE vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2021-06-01 | CVE-2020-4300 | XXE vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2021-06-01 | CVE-2020-4520 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. | 6.8 |
2021-05-27 | CVE-2020-14301 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An information disclosure vulnerability was found in libvirt in versions before 6.3.0. | 4.0 |