Vulnerabilities > Netapp > Storagegrid > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-14 CVE-2024-21988 Improper Verification of Cryptographic Signature vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation.
network
high complexity
netapp CWE-347
5.3
2024-02-16 CVE-2024-21983 Unspecified vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability.
network
low complexity
netapp
6.5
2024-02-16 CVE-2024-21984 Cross-site Scripting vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability.
network
high complexity
netapp CWE-79
6.9
2022-08-10 CVE-2022-23238 Unspecified vulnerability in Netapp Storagegrid 11.6.0
Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.
network
low complexity
netapp
6.5
2022-03-04 CVE-2022-23232 Unspecified vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access.
network
low complexity
netapp
4.9
2021-12-23 CVE-2021-27006 Unspecified vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager.
local
low complexity
netapp
4.4
2021-07-15 CVE-2021-34558 Improper Certificate Validation vulnerability in multiple products
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
network
low complexity
golang fedoraproject netapp oracle CWE-295
6.5
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-01-26 CVE-2021-3114 Incorrect Calculation vulnerability in multiple products
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
network
low complexity
golang fedoraproject debian netapp CWE-682
6.5
2020-04-15 CVE-2020-2830 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). 5.3