Vulnerabilities (CVE)

Vendor filter

Netapp Subscribe

Filter

206 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-15516 1 Netapp 1 Snapcenter Server 2017-12-02 6.8
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.
CVE-2017-5201 1 Netapp 1 Clustered Data Ontap 2017-11-29 2.7
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.
CVE-2016-6820 1 Netapp 1 Metrocluster Tiebreaker 2017-11-16 5.0
MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user.
CVE-2016-5372 1 Netapp 1 Snap Creator Framework 2017-11-16 6.8
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
CVE-2016-5047 1 Netapp 1 Oncommand System Manager 2017-11-16 4.0
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.
CVE-2016-3064 1 Netapp 1 Clustered Data Ontap 2017-11-16 4.0
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.
CVE-2016-3063 1 Netapp 1 Oncommand System Manager 2017-11-16 4.4
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
CVE-2016-1894 1 Netapp 1 Oncommand Workflow Automation 2017-11-16 9.3
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2016-1563 1 Netapp 1 Clustered Data Ontap 2017-11-16 5.8
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-8544 1 Netapp 1 Snapdrive 2017-11-16 5.0
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-8322 1 Netapp 1 Data Ontap 2017-11-16 6.5
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2015-8020 1 Netapp 1 Clustered Data Ontap 2017-11-16 4.3
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.
CVE-2015-7886 1 Netapp 1 Data Ontap 2017-11-16 4.3
NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.
CVE-2017-12421 1 Netapp 1 Clustered Data Ontap 2017-09-06 6.5
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.
CVE-2017-12423 1 Netapp 1 Clustered Data Ontap 2017-09-06 4.0
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors.
CVE-2017-12422 1 Netapp 1 Storagegrid Webscale 2017-09-06 4.0
NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors.
CVE-2017-14053 1 Netapp 1 Oncommand Unified Manager For Clustered Data Ontap 2017-09-06 5.0
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission...
CVE-2015-7746 1 Netapp 1 Data Ontap 2017-09-06 7.5
NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.
CVE-2016-1895 1 Netapp 1 Data Ontap 2017-09-06 4.0
NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling.
CVE-2016-3400 1 Netapp 1 Data Ontap 2017-08-31 6.8
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.