Netapp Active Iq Unified Manager vulnerabilities
219 known vulnerabilities affecting netapp/active_iq_unified_manager.
Total CVEs
219
CISA KEV
2
actively exploited
Public exploits
6
Exploited in wild
3
Severity breakdown
CRITICAL25HIGH43MEDIUM123LOW28
Vulnerabilities
Page 5 of 11
CVE-2020-2774MEDIUMCVSS 4.9≥ 7.3≥ 9.52020-04-15
CVE-2020-2774 [MEDIUM] CVE-2020-2774: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthoriz
nvd
CVE-2020-2763MEDIUMCVSS 4.9≥ 7.3≥ 9.52020-04-15
CVE-2020-2763 [MEDIUM] CVE-2020-2763: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supporte
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerab
nvd
CVE-2020-2800MEDIUMCVSS 4.8≥ 7.3≥ 9.52020-04-15
CVE-2020-2800 [MEDIUM] CVE-2020-2800: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTT
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embed
nvd
CVE-2020-2759MEDIUMCVSS 4.9≥ 7.3≥ 9.52020-04-15
CVE-2020-2759 [MEDIUM] CVE-2020-2759: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supporte
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abilit
nvd
CVE-2020-2765MEDIUMCVSS 4.9≥ 7.3≥ 9.52020-04-15
CVE-2020-2765 [MEDIUM] CVE-2020-2765: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in u
nvd
CVE-2020-2892MEDIUMCVSS 4.9≥ 7.3≥ 9.52020-04-15
CVE-2020-2892 [MEDIUM] CVE-2020-2892: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability t
nvd
CVE-2020-2922LOWCVSS 3.7≥ 7.3≥ 9.52020-04-15
CVE-2020-2922 [LOW] CVE-2020-2922: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions tha
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can resul
nvd
CVE-2020-2756LOWCVSS 3.7≥ 7.3≥ 9.52020-04-15
CVE-2020-2756 [LOW] CWE-502 CVE-2020-2756: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
nvd
CVE-2020-2755LOWCVSS 3.7≥ 7.3≥ 9.52020-04-15
CVE-2020-2755 [LOW] CVE-2020-2755: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Sup
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks
nvd
CVE-2020-2754LOWCVSS 3.7≥ 7.3≥ 9.52020-04-15
CVE-2020-2754 [LOW] CVE-2020-2754: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Sup
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks
nvd
CVE-2020-2757LOWCVSS 3.7≥ 7.3≥ 9.52020-04-15
CVE-2020-2757 [LOW] CWE-502 CVE-2020-2757: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
nvd
CVE-2020-2773LOWCVSS 3.7≥ 7.3≥ 9.52020-04-15
CVE-2020-2773 [LOW] CVE-2020-2773: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supp
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful at
nvd
CVE-2020-11619HIGHCVSS 8.1≥ 7.3≥ 9.52020-04-07
CVE-2020-11619 [HIGH] CWE-502 CVE-2020-11619: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
nvd
CVE-2020-11620HIGHCVSS 8.1≥ 7.3≥ 9.52020-04-07
CVE-2020-11620 [HIGH] CWE-502 CVE-2020-11620: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
nvd
CVE-2020-9546CRITICALCVSS 9.8≥ 7.3≥ 9.52020-03-02
CVE-2020-9546 [CRITICAL] CWE-502 CVE-2020-9546: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
nvd
CVE-2020-9548CRITICALCVSS 9.8PoC≥ 7.3≥ 9.52020-03-02
CVE-2020-9548 [CRITICAL] CWE-502 CVE-2020-9548: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
nvd
CVE-2020-9547CRITICALCVSS 9.8PoC≥ 7.3≥ 9.52020-03-02
CVE-2020-9547 [CRITICAL] CWE-502 CVE-2020-9547: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
nvd
CVE-2020-2604HIGHCVSS 8.1≥ 7.3≥ 9.52020-01-15
CVE-2020-2604 [HIGH] CWE-502 CVE-2020-2604: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embed
nvd
CVE-2020-2601MEDIUMCVSS 6.8≥ 7.3≥ 9.52020-01-15
CVE-2020-2601 [MEDIUM] CVE-2020-2601: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supp
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulner
nvd
CVE-2020-2593MEDIUMCVSS 4.8≥ 7.3≥ 9.52020-01-15
CVE-2020-2593 [MEDIUM] CVE-2020-2593: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Su
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Succ
nvd