Vulnerabilities > Netapp > Snapcenter
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-09 | CVE-2024-21993 | Unspecified vulnerability in Netapp Snapcenter SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials. | 6.5 |
2024-02-16 | CVE-2024-21987 | Incorrect Authorization vulnerability in Netapp Snapcenter 4.8/4.9 SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings | 5.4 |
2023-10-12 | CVE-2023-27316 | Unspecified vulnerability in Netapp Snapcenter 4.8/4.9 SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | 7.8 |
2023-10-12 | CVE-2023-27313 | Unspecified vulnerability in Netapp Snapcenter SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. | 8.8 |
2023-05-12 | CVE-2023-1096 | Unspecified vulnerability in Netapp Snapcenter 4.7/4.8 SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. | 9.8 |
2022-12-23 | CVE-2022-43551 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. | 7.5 |
2022-09-29 | CVE-2022-38732 | Unspecified vulnerability in Netapp Snapcenter SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented. | 7.5 |
2022-07-07 | CVE-2022-2047 | Improper Input Validation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. | 2.7 |
2022-07-07 | CVE-2022-2048 | In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. | 7.5 |
2022-07-06 | CVE-2022-33980 | Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | 9.8 |