251 matches found
CVE-2020-8585
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link plink...
CVE-2020-8585
CVE-2020-8585 affects NetApp OnCommand Unified Manager Core Package before version 5.2.5. The vulnerability enables disclosure of sensitive account information to unauthorized users via PuTTY Link (plink). No exploitation details are provided in the documents; the root cause is described as an in...
Netapp NetApp OnCommand Unified Manager 后置链接漏洞
Netapp NetApp OnCommand Unified Manager is a suite of ONTAP system management software from the U.S. company NetApp Netapp. The software can simplify data management, monitor the storage system infrastructure and detect failures. An information disclosure vulnerability exists in NetApp OnCommand...
Design/Logic Flaw
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User...
NetApp OnCommand System Manager Cross-Site Scripting Vulnerability
NetApp OnCommand System Manager is a suite of storage management tools from NetApp, USA. The tool supports simplifying, controlling, and automating the setup and ongoing management of NetApp storage systems. A cross-site scripting vulnerability in NetApp OnCommand System Manager version 9.3 prior...
CVE-2019-17276
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field...
CVE-2019-17276
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field...
Cross site scripting
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field...
CVE-2019-17276
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field...
CVE-2019-17276
The CVE describes a cross-site scripting vulnerability in NetApp OnCommand System Manager, affecting versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2. The root cause is stated as a lack of proper validation of client-side data by the WEB application, enabling an authenticated attacker to injec...
NetApp OnCommand Cloud Manager Code Execution Vulnerability
NetApp OnCommand Cloud Manager is a suite of software from NetApp, Inc. that supports the deployment, management and tracking of Data Fabric resources across cloud environments. A security vulnerability exists in OnCommand Cloud Manager versions prior to 3.8.0. A remote attacker could exploit the...
CVE-2019-17275
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers...
CVE-2019-17275
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers...
Design/Logic Flaw
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers...
CVE-2019-17275
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers...
CVE-2019-17275
The CVE-2019-17275 entry concerns NetApp OnCommand Cloud Manager, affected versions prior to 3.8.0. The vulnerability enables arbitrary code execution via remote attackers, with network access and no authentication required reported in sources. The risk is described as high/critical depending on ...
CVE-2013-3322
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface...
CVE-2013-3322
CVE-2013-3322 affects NetApp OnCommand System Manager (versions <= 2.1 and
CVE-2013-3320
Cross-site Scripting XSS vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields...
CVE-2013-3321
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter...