Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-01 CVE-2021-20468 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
6.5
2022-09-01 CVE-2021-29823 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
6.5
2022-09-01 CVE-2021-39009 Cleartext Storage of Sensitive Information vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user.
local
low complexity
ibm netapp CWE-312
5.5
2022-09-01 CVE-2021-39045 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields.
local
low complexity
ibm netapp CWE-522
5.5
2022-08-31 CVE-2022-1354 A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function.
local
low complexity
libtiff fedoraproject redhat netapp debian
5.5
2022-08-31 CVE-2022-1355 A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function.
local
low complexity
libtiff fedoraproject redhat netapp debian
6.1
2022-08-31 CVE-2022-39046 Information Exposure Through Log Files vulnerability in multiple products
An issue was discovered in the GNU C Library (glibc) 2.36.
network
low complexity
gnu netapp CWE-532
5.3
2022-08-29 CVE-2022-36033 Cross-site Scripting vulnerability in multiple products
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety.
network
low complexity
jsoup netapp CWE-79
6.1
2022-08-29 CVE-2022-2953 Out-of-bounds Read vulnerability in multiple products
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff netapp debian CWE-125
5.5
2022-08-25 CVE-2022-23235 Unspecified vulnerability in Netapp Active IQ Unified Manager
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.
network
low complexity
netapp
5.3