NetApp SANtricity Web Services Proxy and SANtricity Storage Manager Command Execution Vulnerability
NetApp SANtricity Web Services Proxy and SANtricity Storage Manager are both products of the U.S.-based NetApp Corporation. NetApp SANtricity Web Services Proxy is a suite of disk array management software. The software provides a Web API to configure, manage, and monitor E-Series and EF-Series di...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware
Summary OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protect for...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware
Summary OpenSSL, used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware, is vulnerable to two denial of service vulnerabilities which can cause...
Security Bulletin: FCM 4.1 UNIX and VMware is affected by a vulnerability in OpenSSL (CVE-2014-0160)
Summary A security vulnerability has been discovered in OpenSSL in some 4.1 FlashCopy Manager components. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An...
Security Bulletin: A security vulnerability has been identified in the Tivoli Storage Manager Client shipped with IBM Tivoli Storage FlashCopy Manager for Windows (CVE-2015-0287)
Summary The IBM Tivoli Storage Manager client (IBM Spectrum Protect) is shipped as a component of IBM Tivoli Storage FlashCopy Manager for Windows (IBM Spectrum Protect Snapshot). Information about a security vulnerability affecting the IBM Tivoli Manager client has been published in a security...
Security Bulletin: Vulnerabilities in OpenSSL affect the IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2015-0287)
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL, used by the Tivoli Storage Manager Client, has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0287 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error...
Security Bulletin: Vulnerabilities in OpenSSL affect the IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerabilities. OpenSSL, used by the Tivoli Storage Manager Client, has addressed the applicable CVEs. Vulnerability...
Security Bulletin: Tivoli Storage Manager is affected by the following OpenSSL vulnerability: CVE-2014-0224
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. This bulletin was updated on 17 Dec 2014. See Change History below for a summary of the changes. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerab...
Security Bulletin: IBM Tivoli Storage FlashCopy Manager 4.1 and 3.2 UNIX and VMware is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-ID: CVE-2014-3470
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...
Remote code execution
NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated...
CVE-2018-5488
NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated...
CVE-2018-5488
NetApp SANtricity Web Services Proxy and SANtricity Storage Manager are affected by an unauthenticated remote code execution due to JMX RMI being bound to the network. Affected products: NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Man...
App Layering: How to force the ELM to use a specific SMB version for file servers
In the ELM, when connecting to a file share, we test all the SMB versions that we support, from top to bottom, until we get a successful login. We specifically try 3.02, 3.0, 2.1, 2.0 and 1.0, in that order, before giving up. An SMB server is supposed to return "Not Supported" when an attempt is...
Eclipse Jetty CVE-2017-7656 Security Vulnerability
Description Eclipse Jetty is prone to a security vulnerability. An attacker can exploit this issue to conduct an HTTP request smuggling attack and perform unauthorized actions. This may lead to further attacks. Technologies Affected Eclipse Jetty 9.2.0 Eclipse Jetty 9.3.0 Eclipse Jetty 9.4.0 HP...
NetApp OnTAP Web Detection
Binary data ontapwebuidetect.nbin...
NetApp OnCommand Unified Manager for Linux Arbitrary Code Execution Vulnerability (CNVD-2018-10340)
NetApp OnCommand Unified Manager for Linux is a set of Linux-based ONTAP system management software from the U.S. company NetApp. The software can simplify data management, monitor storage system infrastructure, detect faults, and so on. A security vulnerability exists in NetApp OnCommand...
NetApp OnCommand Unified Manager for Windows Elevation of Privilege Vulnerability
NetApp OnCommand Unified Manager for Windows is a set of Windows-based ONTAP system management software from the U.S. company NetApp. The software can simplify data management, monitor storage system infrastructure, and detect faults. An elevation of privilege vulnerability exists in NetApp...
CVE-2018-5485
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack...