NetApp Cloud Manager vulnerabilities

7 known vulnerabilities affecting netapp/cloud_manager.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2021-27002 | HIGH | CVSS 7.5 | fixed in 3.9.10 | 2021-10-11
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.
nvd
CVE-2021-26998 | MEDIUM | CVSS 4.3 | fixed in 3.9.9 | 2021-08-06
CWE-532. NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
nvd
CVE-2021-26999 | MEDIUM | CVSS 4.3 | fixed in 3.9.9 | 2021-08-06
CWE-532. NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fix
nvd
CVE-2021-28165 | HIGH | CVSS 7.5 | fixed in 3.9.8 | 2021-04-01
CWE-400. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
nvd
CVE-2021-26990 | CRITICAL | CVSS 9.1 | fixed in 3.9.4 | 2021-03-19
CWE-862. Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.
nvd
CVE-2021-26992 | HIGH | CVSS 7.5 | fixed in 3.9.4 | 2021-03-19
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS).
nvd
CVE-2021-26991 | HIGH | CVSS 7.5 | fixed in 3.9.4 | 2021-03-19
Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager.
nvd