NetApp Clustered Data ONTAP vulnerabilities
49 known vulnerabilities affecting netapp/clustered_data_ontap.
Total CVEs: 49
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 19, MEDIUM 21, LOW 6
Vulnerabilities
Page 2 of 3
CVE-2021-26988 | LOW | CVSS 3.5 | Prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 | 2021-03-04
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.
cvelistv5
CVE-2020-8590 | LOW | CVSS 3.3 | fixed in 9.1 | ≥ 9.2, < 9.3 | +3 more | 2021-02-08
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the -remove-private-data parameter is set to true.
cvelistv5, nvd
CVE-2020-8578 | LOW | CVSS 3.3 | fixed in 9.3 | v9.3 | +1 more | 2021-02-08
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the -remove-private-data parameter is set to true.
cvelistv5, nvd
CVE-2020-8588 | LOW | CVSS 3.5 | fixed in 9.3 | ≥ 9.4, < 9.5 | +3 more | 2021-02-03
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).
cvelistv5, nvd
CVE-2020-8589 | LOW | CVSS 3.5 | fixed in 9.3 | ≥ 9.4, < 9.5 | +3 more | 2021-02-03
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
cvelistv5, nvd
CVE-2020-8581 | MEDIUM | CVSS 6.5 | fixed in 9.3 | ≥ 9.4, ≤ 9.5 | +2 more | 2021-01-19
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.
cvelistv5, nvd
CVE-2020-8579 | HIGH | CVSS 7.5 | v9.7 | v9.7 through 9.7P7 | 2020-10-27
Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).
cvelistv5, nvd
CVE-2020-8576 | MEDIUM | CVSS 5.4 | v9.3 | v9.5 | +4 more | 2020-09-02
Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.
cvelistv5, nvd
CVE-2019-5508 | HIGH | CVSS 7.5 | ≥ 9.2, ≤ 9.4 | v9.2 and higher | 2019-10-25
Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).
cvelistv5, nvd
CVE-2019-5506 | MEDIUM | CVSS 5.9 | CWE-295 | ≥ 9.0, ≤ 9.6 | v9.6 | +1 more | 2019-10-09
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.
cvelistv5, nvd
CVE-2019-10092 | MEDIUM | CVSS 6.1 | PoC | CWE-79 | ≤ 9.5 | v9.6 | 2019-09-26
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that
nvd
CVE-2019-8936 | HIGH | CVSS 7.5 | CWE-476 | fixed in 9.2 | 2019-05-15
NTP through 4.2.8p12 has a NULL Pointer Dereference.
nvd
CVE-2019-5491 | HIGH | CVSS 7.5 | ≥ 9.0, < 9.1 | v9.1 | +2 more | 2019-02-27
Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user.
cvelistv5, nvd
CVE-2018-5498 | MEDIUM | CVSS 4.4 | CWE-20 | ≥ 9.0, ≤ 9.4 | Versions 9.0 and higher | 2019-02-01
Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configu
cvelistv5, nvd
CVE-2018-5497 | MEDIUM | CVSS 4.4 | CWE-200 | ≤ 9.1 | v9.1 | +3 more | 2019-01-24
Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
cvelistv5, nvd
CVE-2018-5490 | HIGH | CVSS 8.8 | CWE-732 | fixed in 8.3 | v8.3 Release Candidate versions | 2018-08-03
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the N
cvelistv5, nvd
CVE-2017-14583 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ 9.0, ≤ 9.1 | v9.2 | 2017-12-18
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.
nvd
CVE-2017-5201 | MEDIUM | CVSS 5.7 | fixed in 8.3.2 | v9.0 | 2017-11-10
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.
nvd
CVE-2017-12421 | HIGH | CVSS 8.8 | v8.3 | v8.3.1 | +2 more | 2017-09-01
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.
nvd
CVE-2017-12423 | HIGH | CVSS 7.7 | v8.3 | v8.3.1 | +2 more | 2017-09-01
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors.
nvd