Vulnerabilities (CVE)

Vendor filter

Netapp Subscribe

Product filter

Snapcenter Server Subscribe

Filter

7 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-8014 4 Apache, Canonical, Netapp and 1 more 7 Tomcat, Ubuntu Linux, Oncommand Insight and 4 more 2019-10-03 7.5
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS...
CVE-2018-5482 1 Netapp 1 Snapcenter Server 2019-10-03 5.0
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.
CVE-2017-15519 1 Netapp 1 Snapcenter Server 2019-10-03 6.4
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade...
CVE-2016-8610 4 Openssl, Netapp, Redhat and 1 more 25 Openssl, Clustered Data Ontap Antivirus Connector, Data Ontap and 22 more 2019-07-23 5.0
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL...
CVE-2017-15516 1 Netapp 1 Snapcenter Server 2017-12-02 6.8
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.
CVE-2015-7887 1 Netapp 1 Snapcenter Server 2017-08-10 6.5
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.
CVE-2016-1502 1 Netapp 1 Snapcenter Server 2017-02-24 7.5
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.