Product: Snapcenter_server (Netapp)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 8
| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2018-03-06 | CVE-2017-15519 | Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation. | Snapcenter_server | 7.2 | |
| 2017-11-13 | CVE-2016-8610 | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. | Debian_linux, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Cn1610_firmware, Data_ontap, Data_ontap_edge, E-Series_santricity_os_controller, Host_agent, Oncommand_balance, Oncommand_unified_manager, Oncommand_workflow_automation, Ontap_select_deploy, Service_processor, Smi-S_provider, Snapcenter_server, Snapdrive, Storagegrid, Storagegrid_webscale, Openssl, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_enterprise_application_platform | 7.5 | |
| 2018-05-16 | CVE-2018-8014 | The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. | Tomcat, Ubuntu_linux, Debian_linux, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter_server, Storage_automation_store | 9.8 | |
| 2019-03-04 | CVE-2018-5482 | NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel. | Snapcenter_server | 5.3 | |
| 2017-11-16 | CVE-2017-15516 | NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | Snapcenter_server | 8.8 | |
| 2019-03-04 | CVE-2017-15515 | NetApp SnapCenter Server prior to 4.0 is susceptible to a cross-site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. | Snapcenter_server | 4.8 | |
| 2017-02-07 | CVE-2016-1502 | NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | Snapcenter_server | 7.3 | |
| 2017-08-07 | CVE-2015-7887 | NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. | Snapcenter_server | 8.1 | |