Product:

Oncommand_unified_manager_core_package

(Netapp)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 5
Date Id Summary Products Score Patch Annotated
2021-01-14 CVE-2021-23926 The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. Xmlbeans, Oncommand_unified_manager_core_package, Snap_creator_framework, Snapmanager 9.1
2021-01-26 CVE-2021-3156 Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Privilege_management_for_mac, Privilege_management_for_unix\/linux, Debian_linux, Fedora, Web_gateway, Hci_management_node, Oncommand_unified_manager_core_package, Solidfire, Sudo, Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware 7.8
2020-10-21 CVE-2020-14779 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE,... Debian_linux, Fedora, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager_core_package, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre 3.7
2017-05-25 CVE-2017-7439 NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. Oncommand_unified_manager_core_package 7.5
2017-05-25 CVE-2017-7236 SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Oncommand_unified_manager_core_package 7.5