CVE-2016-3400

The CVE-2016-3400 issue affects NetApp Data ONTAP in 7-Mode (and related 8.1/8.2 lines). Vulnerable component is SMB protocol handling where SMB signing enforcement can fail, enabling man-in-the-middle attacks that may disclose sensitive data, elevate privileges, or cause a denial of service. IBM...

CVE-2016-5045

CVE-2016-5045 affects NetApp OnCommand System Manager before 9.0. A remote attacker can obtain sensitive credentials via vectors related to cluster peering setup. The connected documents confirm the affected product and impact; no exploitation details are provided, and remediation steps are not s...

CVE-2016-3998

NetApp AltaVault (4.1 and earlier) has a vulnerability enabling man-in-the-middle attacks over SMB, potentially exposing sensitive data, allowing privilege escalation, or causing a denial of service. The issue is described across multiple sources (NVD/CNVD/CVELIST) with the same impacted version ...

CVE-2016-3997

NetApp CVE-2016-3997 affects Clustered Data ONTAP (N series) where SMB signing is not enforced by default, enabling MITM attacks that can disclose data, escalate privileges, or cause DoS. Root cause: SMB implementation fails to require signing by default. Impact: information disclosure, privilege...

CVE-2016-5045

NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup...

CVE-2016-3400

NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol...

CVE-2016-3998

NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol...

CVE-2016-3997

NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state...

NetApp Clustered Data ONTAP Man-in-the-Middle Attack Vulnerability

NetApp Clustered Data ONTAP is a set of storage operating system for clustered mode from American NetApp. The system supports users to enhance the performance of enterprise applications and improve data center flexibility and so on. A man-in-the-middle attack vulnerability exists in the default...

PT-2018-8490 · Php +5 · Php +5

Name of the Vulnerable Software and Affected Versions: PHP version 7.1.5 Netapp storage automation store affected versions not specified Description: The issue is related to an out of bounds access in the php pcre replace impl function via a crafted preg replace call. There is also a mention of a...

netapp.com XSS vulnerability

Vulnerable URL: http://www.netapp.com/us/forms/tools/storage-as-a-service.aspx?cid=7011A000001'-alert/OPENBUGBOUNTY/-' Details: Description| Value ---|--- Patched:| Yes, at 01.12.2017 Latest check for patch:| 01.12.2017 17:49 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...

NetApp OnCommand Unified Manager Core Package SQL Injection Vulnerability

NetApp OnCommand Unified Manager Core Package is an OnCommand series of management software from American NetApp. A SQL injection vulnerability exists in NetApp OnCommand Unified Manager Core Package. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

NetApp OnCommand Unified Manager Core Package Information Disclosure Vulnerability

NetApp OnCommand Unified Manager Core Package is an OnCommand series of management software from American NetApp. A security vulnerability exists in NetApp OnCommand Unified Manager Core Package. A remote attacker could exploit the vulnerability to obtain sensitive information...

CVE-2017-7236

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2017-7439

NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages...

CVE-2017-7439

NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages...

CVE-2017-7236

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

Sql injection

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

Information disclosure

NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages...

CVE-2017-7439

Affected software: NetApp OnCommand Unified Manager Core Package 5.x (pre-5.2.2P1). Vulnerability: Information disclosure due to error-message handling. Impact: Remote attackers could obtain sensitive information via vectors involving error messages. Root cause / notes: Documented as a vulnerabil...