Storagetek Tape Analytics SW Tool

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-19	CVE-2020-5421	In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. network high complexity vmware oracle netapp	6.5
2020-05-01	CVE-2020-10683	XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. network low complexity dom4j-project oracle opensuse netapp canonical CWE-611 critical	9.8
2020-04-29	CVE-2020-11023	Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery debian fedoraproject drupal oracle netapp tenable CWE-79	6.1
2020-04-27	CVE-2020-9488	Improper Certificate Validation vulnerability in multiple products Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. network high complexity apache oracle debian qos CWE-295	3.7
2019-09-18	CVE-2019-3740	Information Exposure Through Discrepancy vulnerability in multiple products RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. network low complexity dell oracle CWE-203	6.5
2019-09-18	CVE-2019-3739	Cryptographic Issues vulnerability in multiple products RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. network low complexity dell oracle CWE-310	6.5
2019-09-18	CVE-2019-3738	Missing Required Cryptographic Step vulnerability in multiple products RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. network low complexity dell mcafee oracle CWE-325	6.5
2019-06-19	CVE-2019-2729	Improper Access Control vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). network low complexity oracle CWE-284 critical	9.8
2019-04-26	CVE-2019-2725	Injection vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). network low complexity oracle CWE-74 critical	9.8
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1