Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Oncommand_balance
(Netapp)| Repositories |
• https://github.com/mm2/Little-CMS
• https://github.com/madler/zlib |
| #Vulnerabilities | 75 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-12-01 | CVE-2017-15707 | In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | Struts, Oncommand_balance, Agile_plm_framework, Enterprise_manager_for_virtualization, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_market_risk_measurement_and_management, Global_lifecycle_management_opatchauto, Jd_edwards_enterpriseone_tools, Retail_order_broker, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server | 6.2 | ||
| 2017-10-16 | CVE-2016-4461 | Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785. | Struts, Oncommand_balance | 8.8 | ||
| 2015-02-06 | CVE-2014-9354 | NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. | Oncommand_balance | N/A | ||
| 2015-02-06 | CVE-2014-9353 | NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors. | Oncommand_balance | N/A |