NetApp SnapCenter vulnerabilities
11 known vulnerabilities affecting netapp/snapcenter.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 5, MEDIUM 3
Vulnerabilities
CVE-2025-26512 | CRITICAL | CVSS 9.9 | CWE-266 | fixed in 6.0.1 | v6.0.1 +3 more | 2025-03-24
SnapCenter versions prior to
6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an
authenticated SnapCenter Server user to become an admin user on a remote
system where a SnapCenter plug-in has been installed.
Sources: cvelistv5, nvd
CVE-2024-21993 | MEDIUM | CVSS 6.5 | CWE-312 | fixed in 5.0 | v5.0 +1 more | 2024-07-09
SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability
which could allow an authenticated attacker to discover plaintext
credentials.
Sources: cvelistv5, nvd
CVE-2024-21987 | MEDIUM | CVSS 5.4 | CWE-285 | ≥ 4.8, < 5.0 | 2024-02-16
SnapCenter versions 4.8 prior to 5.0 are susceptible to a
vulnerability which could allow an authenticated SnapCenter Server user
to modify system logging configuration settings.
Sources: cvelistv5, nvd
CVE-2023-27316 | HIGH | CVSS 7.8 | CWE-269 | ≥ 4.8, ≤ 4.9 | 2023-10-12
SnapCenter versions 4.8 through 4.9 are susceptible to a
vulnerability which may allow an authenticated SnapCenter Server user to
become an admin user on a remote system where a SnapCenter plug-in has
been installed.
Sources: cvelistv5, nvd
CVE-2023-27313 | HIGH | CVSS 8.8 | CWE-250 | ≥ 3.0, < 4.9 | 2023-10-12
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a
vulnerability which may allow an authenticated unprivileged user to gain
access as an admin user.
Sources: cvelistv5, nvd
CVE-2023-1096 | CRITICAL | CVSS 9.8 | CWE-306 | v4.7, v4.8 | 2023-05-12
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.
Sources: nvd
CVE-2022-38732 | HIGH | CVSS 7.5 | CWE-358 | fixed in 4.7 | 2022-09-29
SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.
Sources: nvd
CVE-2022-23234 | MEDIUM | CVSS 5.5 | CWE-312 | fixed in 4.5 | 2022-03-16
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.
Sources: nvd
CVE-2021-28165 | HIGH | CVSS 7.5 | CWE-400 | fixed in 4.6 | 2021-04-01
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Sources: nvd
CVE-2017-7657 | CRITICAL | CVSS 9.8 | CWE-444 | fixed in 4.1p3 | 2018-06-26
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body
Sources: nvd
CVE-2017-15519 | HIGH | CVSS 7.2 | CWE-287 | Versions 2.0 through 3.0.1 | 2018-03-06
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation.
Sources: cvelistv5, nvd