Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-05 CVE-2016-7171 Improper Certificate Validation vulnerability in Netapp Plug-In 2.0
NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.
network
high complexity
netapp CWE-295
5.6
2016-09-01 CVE-2016-5047 Unspecified vulnerability in Netapp Oncommand System Manager 8.3/8.3.1/8.3.2
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.
network
low complexity
netapp
6.5
2016-09-01 CVE-2016-3064 Information Exposure vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.
network
low complexity
netapp CWE-200
6.5
2016-04-07 CVE-2016-1563 Improper Input Validation vulnerability in Netapp Clustered Data Ontap 8.3.1
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
netapp CWE-20
6.8
2014-11-24 CVE-2010-5312 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
6.1