Skip to main content

Oncommand Unified Manager For Clustered Data Ontap

3 CVEs product

Monthly

CVE-2017-14053 HIGH This Week

NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Unified Manager For Clustered Data Ontap
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6667 CRITICAL PATCH Act Now

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Oncommand Unified Manager For Clustered Data Ontap
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-2518 MEDIUM PATCH This Month

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ntp Debian Linux Clustered Data Ontap +14
NVD
CVSS 3.1
5.3
EPSS
3.5%
EPSS 0% CVSS 7.5
HIGH This Week

NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Unified Manager For Clustered Data Ontap
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Oncommand Unified Manager For Clustered Data Ontap
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ntp +16
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy