Skip to main content

Snapcenter Server CVE-2015-7887

HIGH
Improper Access Control (CWE-284)
2017-08-07 cve@mitre.org
8.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 07, 2017 - 17:29 cve.org
HIGH 8.1

DescriptionCVE.org

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.

AnalysisAI

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-284. NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. Affected products include: Netapp Snapcenter Server.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

CVE-2020-11023 MEDIUM POC
6.1 Apr 29

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untru

CVE-2018-8014 CRITICAL
9.8 May 16

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0

CVE-2017-15516 HIGH
8.8 Nov 16

NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability w

CVE-2016-1502 HIGH
7.3 Feb 07

NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and dele

CVE-2020-14800 MEDIUM
6.5 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severi

CVE-2020-14775 MEDIUM
6.5 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 6.5), this vu

CVE-2020-14769 MEDIUM
6.5 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.

CVE-2020-14799 MEDIUM
4.9 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severi

CVE-2020-14794 MEDIUM
4.9 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.

CVE-2020-14793 MEDIUM
4.9 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.

CVE-2020-14790 MEDIUM
4.9 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), thi

Share

CVE-2015-7887 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy