Vulnerabilities fixed in NetApp products

NetApp has fixed vulnerabilities in several products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to system data NetApp has released updates to address the...

CVE-2021-26998

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed...

CVE-2021-26999

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with...

CVE-2021-26998

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed...

Information disclosure

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed...

Design/Logic Flaw

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with...

CVE-2021-26999

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with...

CVE-2021-26999

CVE-2021-26999 affects NetApp Cloud Manager prior to 3.9.9, where failing an Active Directory connection causes sensitive information to be logged. The logs are available only to authenticated users. Auto-upgrade customers should already be on a fixed version, while users with on‑prem connectors ...

CVE-2021-26998

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed...

CVE-2021-26998

CVE-2021-26998 affects NetApp Cloud Manager prior to 3.9.9, where a flaw allows sensitive information in logs to be exposed to authenticated users. Public sources consistently identify the affected product and version range and confirm the impact as information disclosure. Remediation per the doc...

NetApp Cloud Manager 信息泄露漏洞

Netapp NetApp Cloud Manager is an application from Netapp, Inc. which provides centralized orchestration of hybrid cloud storage and data management services. An information disclosure vulnerability exists in NetApp Cloud Manager, which stems from a flaw in the configuration of the product. An...

NetApp Cloud Manager 信息泄露漏洞

Netapp NetApp Cloud Manager is an application from Netapp, Inc. It provides centralized orchestration of hybrid cloud storage and data management services. A security vulnerability exists in NetApp Cloud Manager versions prior to 3.9.9 that originates from abnormal log file output from a networke...

NetApp Data ONTAP Compliance Checks

Binary data netappdataontapcompliancecheck.nbin...

Vulnerability fixed in Jetty

A vulnerability has been fixed in Jetty. A malicious party can exploit the exploit the vulnerability to obtain sensitive information. -= NetApp =- NetApp has released updates to fix the Jetty vulnerability fix in Active IQ Unified Manager. For more information, see:...

NetApp SANtricity OS Controller Software 11.x Vulnerabilities - Lenovo Support US

No description provided...

Netapp E-Series SANtricity OS Controller Software Remote Code Execution Vulnerability

Netapp E-Series SANtricity OS Controller Software is a disk array OS control software from NetApp, Inc. A security vulnerability exists that could be exploited by a privileged attacker to execute arbitrary code...

NetApp E-Series SANtricity OS Controller Software Has Denial of Service Vulnerability

Netapp E-Series SANtricity OS Controller Software is a disk array OS control software from American NetApp Netapp. A security vulnerability exists in E-Series SANtricity OS Controller Software versions 11.x through 11.70.1, which can be exploited by remote attackers to cause a partial denial of...

Unspecified Vulnerability in NetApp E-Series SANtricity OS Controller Software

Netapp E-Series SANtricity OS Controller Software is a disk array OS control software from American NetApp Netapp. A security vulnerability exists in E-Series SANtricity OS Controller Software versions 11.x through 11.70.1, which can be exploited by attackers to obtain sensitive information...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)

Summary OpenSSL vulnerabilities were disclosed on December 8, 2020 and February 16, 2021 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect Backup-Archive Client for network connections with NetApp services, has addressed the applicable CVEs. UPDATED: 14 June 2021 - Added 7.1 fix...

Netapp E-Series SANtricity OS Controller Software 安全漏洞

Netapp E-Series SANtricity OS Controller Software is a disk array OS control software from American NetApp Netapp. A security vulnerability exists in E-Series SANtricity OS Controller Software versions 11.x through 11.70.1, which can be exploited by attackers to obtain sensitive information...