NetApp Clustered Data ONTAP vulnerabilities

49 known vulnerabilities affecting netapp/clustered_data_ontap.

Total CVEs: 49
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 19, MEDIUM 21, LOW 6

Vulnerabilities

Page 3 of 3
CVE-2017-12420 | HIGH | CVSS 8.8 | ≤ 8.3.2, ≤ 9.0 | 2017-08-18
CWE-119: Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.
Source: nvd

CVE-2017-7947 | MEDIUM | CVSS 6.5 | v8.3.2, v9.0, +1 more | 2017-07-17
CWE-200: NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.
Source: nvd

CVE-2016-3997 | HIGH | CVSS 7.5 | v8.3.1 | 2017-07-03
CWE-254: NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.
Source: nvd

CVE-2017-5988 | HIGH | CVSS 7.5 | v8.1, v8.1.1, +13 more | 2017-04-10
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
Source: nvd

CVE-2017-7345 | MEDIUM | CVSS 5.3 | ≤ 7.1 | 2017-04-10
CWE-200: NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.
Source: nvd

CVE-2016-4341 | HIGH | CVSS 7.5 | ≤ 8.3.2 | 2017-02-07
CWE-200: NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
Source: nvd

CVE-2015-8020 | LOW | CVSS 3.7 | v8.0, v8.3.1, +1 more | 2017-01-11
CWE-200: Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.
Source: nvd

CVE-2016-3064 | MEDIUM | CVSS 6.5 | ≤ 8.2.4, v8.3, +2 more | 2016-09-01
CWE-200: NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.
Source: nvd

CVE-2016-1563 | MEDIUM | CVSS 6.8 | v8.3.1 | 2016-04-07
CWE-20: NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Source: nvd