RSS   Vulnerabilities for 'Ontap tools'   RSS

2021-12-14
 
CVE-2021-45046

CWE-502
 

 
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

 
2021-12-10
 
CVE-2021-44228

CWE-502
 

 
Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

 

 >>> Vendor: Netapp 93 Products
Data ontap
Oncommand balance
Oncommand workflow automation
Clustered data ontap
Oncommand system manager
Netapp plug-in
Snap creator framework
Metrocluster tiebreaker
Oncommand insight
Snapdrive
Virtual storage console for vmware vsphere
Snapcenter server
Oncommand unified manager for clustered data ontap
Ontap select administration utility
Oncommand unified manager core package
Altavault
Oncommand api
Storagegrid webscale
Vasa provider
Service level manager
Cloud backup
Hyper converged infrastructure
Solidfire element os
Oncommand unified manager
Santricity smi-s provider
Steelstore
Cn1610 firmware
Data ontap edge
Element software management node
Solidfire element os management node
Element software
Santricity cloud connector
Active iq
E-series santricity os controller
Snapcenter
Snapdriver
Ontap select deploy
Steelstore cloud integrated storage
Storage automation store
Snapmanager
Ontap select deploy utility
Storagegrid
Active iq performance analytics services
Ontap select deploy administration utility
Element software management
Fas/aff baseboard management controller
E-series santricity management plug-ins
E-series santricity web services proxy
Service processor
Aff baseboard management controller
Fas baseboard management controller
Storagegrid webscale nas bridge
Cloud insights
Oncommand api services
Trident
E-series santricity management
E-series santricity storage manager
E-series santricity web services
Brocade network advisor
Virtual storage console
Hyper converged infrastructure compute node
Clustered data ontap antivirus connector
Host agent
Smi-s provider
Hci storage nodes
Data ontap operating in 7-mode
Oncommand unified manger
Baseboard management controller firmware
E-series santricity unified manager
Oncommand cloud manager
Active iq unified manager
Element healthtools
Element os
HCI
Element
Hci management node
Solidfire
Hci storage node
Element plug-in for vcenter server
Management services for element software and netapp hci
Solidfire \& hci management node
Cloud manager
Brocade fabric os
Manageability software development kit
Storage encryption
Santricity unified manager
Ontap system manager
Brocade san navigator
Cloud insights acquisition unit
Cloud secure agent
Ontap tools
Fas\/aff bios
Cloud volumes ontap mediator


Copyright 2022, cxsecurity.com

 

Back to Top