Vulnerabilities for 'Oncommand system manager'

2021-02-08
 
CVE-2020-8587

NVD-CWE-noinfo
 

 
OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses, making them accessible to an attacker who has access to the system where the client runs.

 
2020-03-24
 
CVE-2019-17276

CWE-79
 

 
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross-site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.

 
2020-01-31
 
CVE-2013-3322

CWE-78
 

 
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.

 
2020-01-29
 
CVE-2013-3321

CWE-829
 

 
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.

 
 
CVE-2013-3320

CWE-79
 

 
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.

 
2018-06-26
 
CVE-2017-7657

CWE-190
 

 
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

 
2017-07-03
 
CVE-2016-5045

 

 
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.

 
2017-02-07
 
CVE-2016-3063

CWE-116
 

 
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.

 
2016-09-01
 
CVE-2016-5047

CWE-noinfo
 

 
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.

 



Copyright 2022, cxsecurity.com

 
