Vulnerabilities > Netapp > Snapcenter Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-14775 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 6.5 |
| 2020-10-21 | CVE-2020-14773 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
| 2020-10-21 | CVE-2020-14769 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
| 2020-10-21 | CVE-2020-14672 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 4.9 |
| 2020-04-29 | CVE-2020-11023 | Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. | 6.1 |
| 2019-03-04 | CVE-2018-5482 | Missing Encryption of Sensitive Data vulnerability in Netapp Snapcenter Server NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel. | 5.0 |
| 2019-03-04 | CVE-2017-15515 | Cross-site Scripting vulnerability in Netapp Snapcenter Server NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. | 3.5 |
| 2018-05-16 | CVE-2018-8014 | Insecure Default Initialization of Resource vulnerability in multiple products The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. | 9.8 |
| 2018-03-06 | CVE-2017-15519 | Improper Authentication vulnerability in Netapp Snapcenter Server 2.0/3.0/3.0.1 Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. | 6.4 |
| 2017-11-16 | CVE-2017-15516 | Cross-Site Request Forgery (CSRF) vulnerability in Netapp Snapcenter Server 1.1/2.0 NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | 6.8 |