NetApp ONTAP 9 vulnerabilities
6 known vulnerabilities affecting netapp/ontap_9.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4
Vulnerabilities
CVE-2026-22052 | MEDIUM | CVSS 5.3 | CWE-209 | v9.12.1 and higher | 2026-03-05
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.
Sources: cvelistv5, nvd
CVE-2026-22050 | MEDIUM | CVSS 6.9 | CWE-639 | ≥ 9.16.1, < 9.16.1P9; ≥ 9.17.1, < 9.17.1P2 | 2026-01-12
ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none.
Sources: cvelistv5, nvd
CVE-2024-21985 | HIGH | CVSS 7.6 | CWE-269 | ≥ 9.0, < 9.9.1P18; ≥ 9.10.1, < 9.10.1P16; +3 more | 2024-01-26
ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10
and 9.13.1P4 are susceptible to a vulnerability which could allow an
authenticated user with multiple remote accounts with differing roles to
perform actions via REST API beyond their intended privilege. Possible
actions include viewing limited configuration details and metrics or
mod
Sources: cvelistv5, nvd
CVE-2024-21982 | MEDIUM | CVSS 6.5 | ≥ 9.4, < 9.8P21; ≥ 9.9.1, < 9.9.1P18; +4 more | 2024-01-12
ONTAP versions 9.4 and higher are susceptible to a vulnerability
which when successfully exploited could lead to disclosure of sensitive
information to unprivileged attackers when the object-store profiler
command is being run by an administrative user.
Sources: cvelistv5, nvd
CVE-2023-27317 | MEDIUM | CVSS 4.6 | CWE-200 | v9.12.1P8; v9.13.1P4; +1 more | 2023-12-15
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a
vulnerability which will cause all SAS-attached FIPS 140-2 drives to
become unlocked after a system reboot or power cycle or a single
SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This
could lead to disclosure of sensitive information to an attacker with
phy
Sources: cvelistv5, nvd
CVE-2023-27314 | HIGH | CVSS 7.5 | CWE-400 | fixed in 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2, 9.13.1 | 2023-10-12
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8,
9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow
a remote unauthenticated attacker to cause a crash of the HTTP service.
Sources: cvelistv5, nvd