CVE-2017-7236

NetApp OnCommand Unified Manager Core Package 5.x is affected by CVE-2017-7236 (pre-5.2.2P1). The vulnerability is a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Affected component is the Core Package in OnCommand Unified Mana...

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP Information Disclosure Vulnerability

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP are both products of the U.S. company NetApp. The former is a set of software for monitoring, managing and optimizing the performance of data storage in Data ONTAP cluster environments; the latter is...

CVE-2017-7345

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation aka JMX RMI service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2016-3063

Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors...

CVE-2015-8322

NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors...

Code injection

NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors...

CVE-2016-1894

NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors...

CVE-2016-6667

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors...

NetApp OnCommand Insight Data Warehouse Component Security Bypass Vulnerability

NetApp OnCommand Insight is a suite of hybrid cloud data center management software from NetApp. The software provides monitoring and management of multi-vendor IT infrastructures, optimized storage resource management, etc. Data Warehouse is one of the data warehouse components. A security...

Design/Logic Flaw

The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account...

CVE-2017-5600

The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account...

CVE-2017-5600

The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account...

CVE-2016-5047

NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors...

NetApp OnCommand Workflow Automation Authentication Bypass Vulnerability

NetApp OnCommand Workflow Automation is a set of storage process management software from the U.S. company NetApp. An authentication bypass vulnerability exists in versions of NetApp OnCommand Workflow Automation prior to 3.1P2, which can be exploited by an attacker to bypass the authorization...

NetApp OnCommand System Manager Local Command Injection Vulnerability

NetApp OnCommand System Manager is a suite of storage management tools from the American company NetApp. A local command injection vulnerability exists in NetApp OnCommand System Manager version 8.3.x, which can be exploited by an attacker to inject arbitrary commands into the application...

Code injection

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol JDWP service, which allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2015-3292

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol JDWP service, which allows remote attackers to execute arbitrary code via unspecified vectors...

Vulnerability in NetApp OnCommand Balance

NetApp OnCommand Balance is a NetApp solution that provides guidance on how to optimize the performance and capacity of virtual and physical data center infrastructures. A security vulnerability exists in NetApp OnCommand Balance versions prior to 4.2P3. An attacker could exploit the vulnerabilit...

CVE-2014-9354

NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage...

CVE-2014-9353

NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors...