Skip to main content

Oncommand Balance CVE-2014-9354

MEDIUM
Information Exposure (CWE-200)
2015-02-06 cve@mitre.org
4.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 06, 2015 - 11:59 cve.org
MEDIUM 4.0

DescriptionCVE.org

NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage.

AnalysisAI

NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. Affected products include: Netapp Oncommand Balance. Version information: before 4.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2015-7871 CRITICAL POC
9.8 Aug 07

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authen

CVE-2015-7855 MEDIUM POC
6.5 Aug 07

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

CVE-2015-7853 CRITICAL
9.8 Aug 07

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attacker

CVE-2015-7974 HIGH POC
7.7 Jan 26

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating pac

CVE-2016-9841 CRITICAL
9.8 May 23

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointe

CVE-2017-10309 HIGH POC
7.1 Oct 19

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 7.1), thi

CVE-2017-10355 MEDIUM POC
5.3 Oct 19

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Rated me

CVE-2014-9353 CRITICAL
10.0 Feb 06

NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain pri

CVE-2017-10111 CRITICAL
9.6 Aug 08

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated critical sev

CVE-2017-10086 CRITICAL
9.6 Aug 08

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated critical severity (CVSS 9.6), thi

CVE-2017-10346 CRITICAL
9.6 Oct 19

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated critical sever

Share

CVE-2014-9354 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy