Design/Logic Flaw

NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors...

Open redirect

NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage...

CVE-2014-9353

NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors...

CVE-2014-9354

CVE-2014-9354 affects NetApp OnCommand Balance before 4.2P3. The vulnerability enables local users to obtain sensitive information due to cleartext storage. Affected product: NetApp OnCommand Balance; root cause: cleartext storage leading to information disclosure. Potential impact: exposure of s...

CVE-2014-9353

Affected product: NetApp OnCommand Balance. Vulnerability: presence of a default privileged account in Balance prior to version 4.2P2, enabling remote privilege elevation via unspecified vectors. Root cause: default privileged account included in the application. Impact: attacker could gain privi...

CVE-2014-9354

NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage...

SEC Consult SA-20130507-0 :: Multiple vulnerabilities in NetApp OnCommand System Manager

SEC Consult Vulnerability Lab Security Advisory 20130507-0 ======================================================================= title: Multiple vulnerabilities product: NetApp OnCommand System Manager vulnerable version: = 2.1 and =2.0.2 fixed version: 2.2 only XSS fixed CVE: CVE-2013-3320 XSS...

NetApp OnCommand System Manager - zapiServlet CIFS Configuration Management Interface Multiple Cross-Site Scripting Vulnerabilities

NetApp OnCommand System Manager - zapiServlet CIFS Configuration Management Interface Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/59688/info NetApp OnCommand System Manager is prone to multiple cross-site scripting and HTML-injection vulnerabilities...

NetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: NetApp OnCommand System Manager vulnerable version: = 2.1 and =2.0.2 fixed version: 2.2 only XSS fixed CVE: CVE-2013-3320 XSS...

NetApp OnCommand System Manager - '/zapiServlet' CIFS Configuration Management Interface Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/59688/info NetApp OnCommand System Manager is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run...

NetApp OnCommand System Manager - '/zapiServlet' User Management Interface Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/59688/info NetApp OnCommand System Manager is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run...

NetApp OnCommand System Manager - zapiServlet User Management Interface Multiple Cross-Site Scripting Vulnerabilities

NetApp OnCommand System Manager - zapiServlet User Management Interface Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/59688/info NetApp OnCommand System Manager is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails ...