Netapp Data Ontap vulnerabilities

14 known vulnerabilities affecting netapp/data_ontap.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL2HIGH5MEDIUM5LOW2

Vulnerabilities

Page 1 of 1

CVE-2021-26989MEDIUMCVSS 6.5v9.3.0v9.5.0+3 more2021-03-04

CVE-2021-26989 [MEDIUM] CVE-2021-26989: Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vu Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.

nvd

CVE-2021-26988LOWCVSS 3.5v9.3.0v9.5.0+3 more2021-03-04

CVE-2021-26988 [LOW] CWE-862 CVE-2021-26988: Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vu Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.

nvd

CVE-2019-5502CRITICALCVSS 9.1fixed in 8.2.5v8.2.52019-08-05

CVE-2019-5502 [CRITICAL] CWE-327 CVE-2019-5502: SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exp SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.

nvd

CVE-2019-5493HIGHCVSS 7.5fixed in 8.2.5v8.2.52019-08-02

CVE-2019-5493 [HIGH] CVE-2019-5493: Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which di Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.

nvd

CVE-2019-5501HIGHCVSS 7.5fixed in 8.2.5v8.2.52019-08-02

CVE-2019-5501 [HIGH] CVE-2019-5501: Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account informa Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.

nvd

CVE-2018-5496MEDIUMCVSS 4.4≤ 8.2.5v8.2.52018-12-04

CVE-2018-5496 [MEDIUM] CWE-200 CVE-2018-5496: Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which di Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.

nvd

CVE-2015-7746CRITICALCVSS 9.8≤ 8.2.32017-09-01

CVE-2015-7746 [CRITICAL] CWE-287 CVE-2015-7746: NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authenti NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.

nvd

CVE-2016-1895MEDIUMCVSS 6.5≤ 8.2.4v8.3.2p12+1 more2017-09-01

CVE-2016-1895 [MEDIUM] CWE-134 CVE-2016-1895: NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling.

nvd

CVE-2017-12859MEDIUMCVSS 5.9≤ 8.2.42017-08-18

CVE-2017-12859 [MEDIUM] CWE-20 CVE-2017-12859: NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attacker NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.

nvd

CVE-2016-3400HIGHCVSS 7.5v8.1v8.22017-07-03

CVE-2016-3400 [HIGH] CWE-254 CVE-2016-3400: NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtai NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.

nvd

CVE-2016-5374HIGHCVSS 8.8v9.0v9.12017-03-01

CVE-2016-5374 [HIGH] CWE-264 CVE-2016-5374: NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted dat NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.

nvd

CVE-2015-8322HIGHCVSS 8.8v8.3v8.3.12017-02-07

CVE-2015-8322 [HIGH] CVE-2015-8322: NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbi NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

nvd

CVE-2016-6495MEDIUMCVSS 5.9≤ 8.2.42017-02-07

CVE-2016-6495 [MEDIUM] CWE-200 CVE-2016-6495: NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain inform NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.

nvd

CVE-2015-7886LOWCVSS 3.7≤ 8.2.42016-01-18

CVE-2015-7886 [LOW] CWE-200 CVE-2015-7886: NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers t NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.

nvd