Netapp Clustered Data Ontap vulnerabilities

CVE-2024-38476 [CRITICAL] CWE-829 CVE-2024-38476: Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclos Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

CVE-2024-38474 [CRITICAL] CWE-116 CVE-2024-38474: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

CVE-2024-38477 [HIGH] CWE-476 CVE-2024-38477: null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

CVE-2024-21985 [HIGH] CWE-269 CVE-2024-21985: ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or mod

CVE-2024-21982 [MEDIUM] CVE-2024-21982: ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.

CVE-2023-27314 [HIGH] CWE-400 CVE-2023-27314: ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptibl ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.

CVE-2023-36054 [MEDIUM] CWE-824 CVE-2023-36054: lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees a lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

CVE-2023-3107 [HIGH] CWE-190 CVE-2023-3107: A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a frag A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.

CVE-2023-38403 [HIGH] CWE-190 CVE-2023-38403: iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted lengt iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

CVE-2023-27533 [HIGH] CWE-75 CVE-2023-27533: A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protoc A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This v

CVE-2023-27538 [MEDIUM] CWE-305 CVE-2023-27538: An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previousl An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two

CVE-2023-27537 [MEDIUM] CWE-415 CVE-2023-27537: A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handle A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end

CVE-2023-23914 [CRITICAL] CWE-319 CVE-2023-23914: A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could c A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would howe

CVE-2023-23915 [MEDIUM] CWE-319 CVE-2023-23915: A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could c A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS

CVE-2022-23241 [HIGH] CWE-284 CVE-2022-23241: Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are suscep Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period.

CVE-2021-27001 [MEDIUM] CVE-2021-27001: Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.

CVE-2021-27003 [MEDIUM] CWE-1021 CVE-2021-27003: Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Fram Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.

CVE-2021-26994 [MEDIUM] CVE-2021-26994: Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which cou Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node.

CVE-2020-8590 [LOW] CVE-2020-8590: Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which co Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.

CVE-2020-8578 [LOW] CVE-2020-8578: Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow a Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.