Product:

Oncommand_system_manager

(Netapp)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 9
Date ID Summary Products Score Patch
2020-03-24 CVE-2019-17276 OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. Oncommand_system_manager N/A
2020-01-31 CVE-2013-3322 NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. Oncommand_system_manager N/A
2020-01-29 CVE-2013-3321 NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. Oncommand_system_manager N/A
2020-01-29 CVE-2013-3320 Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. Oncommand_system_manager N/A
2018-06-22 CVE-2018-12538 In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. Jetty, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_web_services_proxy, Element_software, Hyper_converged_infrastructure, Oncommand_system_manager, Oncommand_unified_manager, Santricity_cloud_connector, Snap_creator_framework, Snapcenter, Snapmanager 8.8
2018-06-26 CVE-2017-7657 In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary... Debian_linux, Jetty, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_software, Element_software_management_node, Hci_storage_nodes, Oncommand_system_manager, Oncommand_unified_manager, Santricity_cloud_connector, Snap_creator_framework, Snapcenter, Snapmanager 9.8
2016-09-01 CVE-2016-5047 NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. Oncommand_system_manager 6.5
2017-07-03 CVE-2016-5045 NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. Oncommand_system_manager 8.1
2017-02-07 CVE-2016-3063 Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. Oncommand_system_manager 7.5