Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Santricity_cloud_connector
(Netapp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 27 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-04-01 | CVE-2021-28163 | In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. | Ignite, Solr, Jetty, Fedora, Cloud_manager, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Santricity_cloud_connector, Snapcenter, Snapcenter_plug\-In, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Autovue_for_agile_product_lifecycle_management, Banking_apis, Banking_digital_experience, Communications_element_manager, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Siebel_core_\-_automation | 2.7 | ||
| 2021-04-01 | CVE-2021-28165 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | Jetty, Jenkins, Cloud_manager, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_storage, E\-Series_santricity_web_services, Ontap_tools, Santricity_cloud_connector, Santricity_web_services_proxy, Snapcenter, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Autovue_for_agile_product_lifecycle_management, Communications_cloud_native_core_policy, Communications_element_manager, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Rest_data_services, Siebel_core_\-_automation | 7.5 | ||
| 2021-04-01 | CVE-2021-28164 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. | Jetty, Cloud_manager, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Santricity_cloud_connector, Snapcenter, Snapcenter_plug\-In, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Autovue_for_agile_product_lifecycle_management, Banking_apis, Banking_digital_experience, Communications_session_route_manager, Siebel_core_\-_automation | 5.3 | ||
| 2021-06-22 | CVE-2021-34428 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. | Debian_linux, Jetty, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Santricity_cloud_connector, Snap_creator_framework, Snapmanager, Autovue_for_agile_product_lifecycle_management, Communications_element_manager, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Rest_data_services, Siebel_core_\-_automation | 3.5 | ||
| 2018-01-18 | CVE-2018-2581 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this... | Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_cloud_connector, Snapmanager, Storage_replication_adapter_for_clustered_data_ontap, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Satellite | 4.7 | ||
| 2018-01-18 | CVE-2018-2638 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this... | Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_cloud_connector, Snapmanager, Storage_replication_adapter_for_clustered_data_ontap, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 8.3 | ||
| 2018-03-26 | CVE-2017-15710 | In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters... | Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid, Enterprise_linux | 7.5 | ||
| 2018-03-26 | CVE-2017-15715 | In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. | Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid, Enterprise_linux | 8.1 | ||
| 2018-03-26 | CVE-2018-1283 | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. | Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid, Enterprise_linux | 5.3 | ||
| 2018-03-26 | CVE-2018-1301 | A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. | Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid, Enterprise_linux | 5.9 |