CVE-2016-1502

NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors...

CVE-2016-5711

NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors...

CVE-2016-3063

NetApp OnCommand System Manager contains an input-escaping flaw that affects versions before 8.3.2. Due to improper escaping of special characters, remote authenticated users can trigger arbitrary API calls via unspecified vectors. Impact is the ability to perform unintended API operations, with ...

CVE-2016-1502

CVE-2016-1502 affects NetApp SnapCenter Server versions 1.0 and 1.0P1, where an attacker can remotely bypass authentication and subsequently list and delete backups via unspecified vectors. The NVD entry rates this as HIGH (CVSSv3 base 7.3) with network attack vector, no privileges required, and ...

CVE-2015-8322

NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors...

CVE-2015-8322

CVE-2015-8322 affects NetApp OnCommand System Manager 8.3.x prior to 8.3.2. The vulnerability allows remote authenticated users to execute arbitrary code via unspecified vectors. The connected documents do not specify the exact root cause, attack vectors, exploitation details, or affected subvers...

CVE-2015-8544

NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2016-5372

Cross-site request forgery CSRF vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors...

CVE-2016-6495

NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access...

CVE-2016-6495

CVE-2016-6495 affects NetApp Data ONTAP prior to 8.2.4P5 when operated in 7-Mode. The vulnerability is an information-disclosure issue where remote attackers can obtain information about volumes configured for HTTP access. The available connected records corroborate an information-disclosure impa...

CVE-2016-4341

NetApp Clustered Data ONTAP prior to version 8.3.2P7 is affected by CVE-2016-4341. The vulnerability allows remote attackers to obtain SMB share information via unspecified vectors, implying an information-disclosure risk. The issue affects ONTAP in the clustering (clustered) deployment and is mi...

CVE-2016-4341

NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors...

CVE-2016-6667

Affected product and version : NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1. Vulnerability : presence of a default privileged account that enables remote attackers to execute arbitrary code via unspecified vectors. Impact : high-severity remote code execution with p...

CVE-2016-6667

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2015-8544

CVE-2015-8544 affects NetApp SnapDrive for Windows. The vulnerability could allow a remote attacker to obtain sensitive information due to disclosure of data in cleartext. Affected versions include SnapDrive for Windows 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1; IBM's bulletin specifies affected rel...

CVE-2016-1894

CVE-2016-1894 affects NetApp OnCommand Workflow Automation prior to version 3.1P2. The vulnerability is an authentication bypass that enables remote attackers to bypass authentication via unspecified vectors. The issue is documented across multiple sources (NVD entries and vendor/CNVD references)...

CVE-2016-3063

Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors...

NetApp OnCommand Insight Data Warehouse Component Security Bypass Vulnerability

NetApp OnCommand Insight is a suite of hybrid cloud data center management software from NetApp. The software provides monitoring and management of multi-vendor IT infrastructures, optimized storage resource management, etc. Data Warehouse is one of the data warehouse components. A security...

Design/Logic Flaw

The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account...

CVE-2017-5600

The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account...