Vulnerabilities > Netapp > Storage Replication Adapter FOR Clustered Data Ontap > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-01	CVE-2021-28164	In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. network low complexity eclipse netapp oracle	5.3
2019-04-22	CVE-2019-10247	Information Exposure vulnerability in multiple products In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. network low complexity eclipse netapp oracle debian CWE-200	5.3
2019-04-22	CVE-2019-10246	Information Exposure vulnerability in multiple products In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. network low complexity eclipse netapp oracle CWE-200	5.3
2018-07-18	CVE-2018-2973	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). network high complexity oracle redhat netapp hp	5.9
2018-07-18	CVE-2018-2940	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network low complexity oracle hp redhat netapp	4.3
2018-01-18	CVE-2018-2581	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). network low complexity oracle redhat netapp	4.7
2017-10-26	CVE-2017-15906	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. network low complexity openbsd oracle debian netapp redhat CWE-732	5.3
2017-10-19	CVE-2017-10357	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). network low complexity oracle redhat netapp debian	5.3
2017-10-19	CVE-2017-10356	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). local low complexity oracle redhat netapp debian	6.2
2017-10-19	CVE-2017-10355	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). network low complexity oracle redhat netapp debian	5.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.