CVEdetails.com the ultimate security vulnerability data source

NetApp: Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2017-5600 264 2017-02-02 2017-02-09
7.5
None Remote Low Not required Partial Partial Partial
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.
2 CVE-2016-7172 200 +Info 2016-12-21 2016-12-23
5.0
None Remote Low Not required Partial None None
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.
3 CVE-2016-7171 295 2016-12-05 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.
4 CVE-2016-6820 200 +Info 2017-01-11 2017-01-12
5.0
None Remote Low Not required Partial None None
MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user.
5 CVE-2016-6667 Exec Code 2017-02-07 2017-02-24
7.5
None Remote Low Not required Partial Partial Partial
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contains a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.
6 CVE-2016-6495 200 +Info 2017-02-07 2017-02-24
4.3
None Remote Medium Not required Partial None None
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
7 CVE-2016-5711 2017-02-07 2017-02-24
6.8
None Remote Medium Not required Partial Partial Partial
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
8 CVE-2016-5372 352 CSRF 2017-02-07 2017-02-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
9 CVE-2016-5047 DoS 2016-09-01 2016-12-06
4.0
None Remote Low Single system None None Partial
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.
10 CVE-2016-4341 200 +Info 2017-02-07 2017-02-24
5.0
None Remote Low Not required Partial None None
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
11 CVE-2016-3064 200 +Info 2016-08-31 2016-11-28
4.0
None Remote Low Single system Partial None None
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.
12 CVE-2016-3063 116 Exec Code 2017-02-07 2017-02-24
4.4
None Local Medium Not required Partial Partial Partial
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
13 CVE-2016-1894 284 Bypass 2017-02-07 2017-02-16
9.3
None Remote Medium Not required Complete Complete Complete
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.
14 CVE-2016-1563 20 +Info 2016-04-07 2016-04-07
5.8
None Remote Medium Not required Partial Partial None
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
15 CVE-2016-1502 287 Bypass 2017-02-07 2017-02-24
7.5
None Remote Low Not required Partial Partial Partial
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.
16 CVE-2015-8544 200 +Info 2017-02-07 2017-02-24
5.0
None Remote Low Not required Partial None None
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.
17 CVE-2015-8322 Exec Code 2017-02-07 2017-02-24
6.5
None Remote Low Single system Partial Partial Partial
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
18 CVE-2015-8020 200 +Info 2017-01-11 2017-01-12
4.3
None Remote Medium Not required Partial None None
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.
19 CVE-2015-7886 200 +Info 2016-01-18 2016-01-21
4.3
None Remote Medium Not required Partial None None
NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.
20 CVE-2015-3292 17 Exec Code 2015-05-31 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
21 CVE-2014-9354 200 +Info 2015-02-06 2015-02-09
4.0
None Remote Low Single system Partial None None
NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage.
22 CVE-2014-9353 264 +Priv 2015-02-06 2015-02-06
10.0
None Remote Low Not required Complete Complete Complete
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.
23 CVE-2008-3349 264 DoS Exec Code +Info 2008-07-28 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160.
Total number of vulnerabilities: 23