Note:
This project will be discontinued after December 13, 2021.
Product: Oncommand_system_manager (Netapp)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 26 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-12-03 | CVE-2020-17527 | While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. | Tomcat, Debian_linux, Element_plug-In, Oncommand_system_manager, Blockchain_platform, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_instant_messaging_server, Instantis_enterprisetrack, Mysql_enterprise_monitor, Sd-Wan_edge, Workload_manager | 7.5 | ||
2020-05-19 | CVE-2020-7656 | jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e. "</script >", which results in the enclosed script logic being executed. | Jquery, Junos, Active_iq_unified_manager, Cloud_backup, Oncommand_system_manager, Snap_creator_framework, Peoplesoft_enterprise_peopletools | 6.1 | ||
2021-02-08 | CVE-2020-8587 | OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs. | Oncommand_system_manager | 5.5 | ||
2020-03-24 | CVE-2019-17276 | OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. | Oncommand_system_manager | N/A | ||
2020-01-31 | CVE-2013-3322 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | Oncommand_system_manager | N/A | ||
2020-01-29 | CVE-2013-3321 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. | Oncommand_system_manager | N/A | ||
2020-01-29 | CVE-2013-3320 | Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. | Oncommand_system_manager | N/A | ||
2016-09-01 | CVE-2016-5047 | NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. | Oncommand_system_manager | 6.5 | ||
2017-07-03 | CVE-2016-5045 | NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | Oncommand_system_manager | 8.1 | ||
2017-02-07 | CVE-2016-3063 | Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | Oncommand_system_manager | 7.5 |