Netapp Clustered Data Ontap

187 matches found

CVE
added 2019/02/01 4:29 p.m. | 63 views

CVE-2018-5498

Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (Do...

4.4 CVSS | 4.4 AI score | 0.00513 EPSS

CVE
added 2023/10/12 7:15 p.m. | 62 views

CVE-2023-27314

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.

7.5 CVSS | 7.5 AI score | 0.00601 EPSS

CVE
added 2019/01/24 8:29 p.m. | 61 views

CVE-2018-5497

Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.

4.4 CVSS | 4.5 AI score | 0.00145 EPSS

CVE
added 2021/06/04 12:15 p.m. | 61 views

CVE-2020-7469

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet b...

7.5 CVSS | 7.6 AI score | 0.00318 EPSS

CVE
added 2019/02/27 5:29 p.m. | 58 views

CVE-2019-5491

Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user.

7.5 CVSS | 7.3 AI score | 0.00515 EPSS

CVE
added 2018/08/03 7:29 p.m. | 57 views

CVE-2018-5490

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candida...

8.8 CVSS | 8.4 AI score | 0.0032 EPSS

CVE
added 2023/08/01 11:15 p.m. | 57 views

CVE-2023-3107

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.

7.5 CVSS | 7.3 AI score | 0.00163 EPSS

CVE
added 2024/01/12 12:15 a.m. | 55 views

CVE-2024-21982

ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.

6.5 CVSS | 6.3 AI score | 0.0028 EPSS

CVE
added 2019/08/30 9:15 a.m. | 54 views

CVE-2019-5611

In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous....

7.8 CVSS | 7.2 AI score | 0.04307 EPSS

CVE
added 2019/08/30 9:15 a.m. | 50 views

CVE-2019-5612

In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can...

7.8 CVSS | 7.2 AI score | 0.003 EPSS

CVE
added 2017/09/01 9:29 p.m. | 49 views

CVE-2017-12421

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.

8.8 CVSS | 8.6 AI score | 0.01733 EPSS

CVE
added 2019/08/30 9:15 a.m. | 49 views

CVE-2019-5610

In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user c...

7.5 CVSS | 7.5 AI score | 0.01371 EPSS

CVE
added 2017/01/11 4:59 p.m. | 48 views

CVE-2015-8020

Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.

4.3 CVSS | 4.1 AI score | 0.00247 EPSS

CVE
added 2017/09/01 9:29 p.m. | 48 views

CVE-2017-12423

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors.

7.7 CVSS | 6.9 AI score | 0.00224 EPSS

CVE
added 2017/12/18 2:29 p.m. | 46 views

CVE-2017-14583

NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.

6.5 CVSS | 6.3 AI score | 0.00296 EPSS

CVE
added 2021/01/19 6:15 p.m. | 46 views

CVE-2020-8581

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.

6.5 CVSS | 6.2 AI score | 0.00232 EPSS

CVE
added 2022/10/19 6:15 p.m. | 46 views

CVE-2022-23241

Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period.

8.1 CVSS | 7.8 AI score | 0.00219 EPSS

CVE
added 2020/06/09 7:15 p.m. | 45 views

CVE-2020-7456

In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with phy...

7.2 CVSS | 6.6 AI score | 0.00153 EPSS

CVE
added 2021/02/08 10:15 p.m. | 45 views

CVE-2020-8590

Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.

3.3 CVSS | 4.2 AI score | 0.00065 EPSS

CVE
added 2019/10/09 7:15 p.m. | 43 views

CVE-2019-5506

Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.

5.9 CVSS | 5.7 AI score | 0.00195 EPSS

CVE
added 2016/09/01 1:59 a.m. | 42 views

CVE-2016-3064

NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.

6.5 CVSS | 5.2 AI score | 0.00253 EPSS

CVE
added 2017/07/17 9:29 p.m. | 42 views

CVE-2017-7947

NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.

6.5 CVSS | 6.5 AI score | 0.0029 EPSS

CVE
added 2021/02/08 10:15 p.m. | 42 views

CVE-2020-8578

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.

3.3 CVSS | 4.2 AI score | 0.00065 EPSS

CVE
added 2021/10/12 6:15 p.m. | 42 views

CVE-2021-27003

Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.

4.7 CVSS | 4.7 AI score | 0.00206 EPSS

CVE
added 2017/07/03 4:29 p.m. | 41 views

CVE-2016-3997

NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.

7.5 CVSS | 7.5 AI score | 0.00426 EPSS

CVE
added 2017/08/18 5:29 p.m. | 41 views

CVE-2017-12420

Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.

8.8 CVSS | 8.8 AI score | 0.01949 EPSS

CVE
added 2017/11/10 2:29 a.m. | 41 views

CVE-2017-5201

NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.

5.7 CVSS | 5.5 AI score | 0.00253 EPSS

CVE
added 2017/04/10 3:59 p.m. | 41 views

CVE-2017-7345

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors...

5.3 CVSS | 5.2 AI score | 0.00203 EPSS

CVE
added 2021/02/03 6:15 p.m. | 41 views

CVE-2020-8588

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).

3.5 CVSS | 4.5 AI score | 0.00086 EPSS

CVE
added 2017/02/07 5:59 p.m. | 39 views

CVE-2016-4341

NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.

7.5 CVSS | 7.2 AI score | 0.00476 EPSS

CVE
added 2020/10/27 2:15 p.m. | 38 views

CVE-2020-8579

Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).

7.5 CVSS | 7.3 AI score | 0.00389 EPSS

CVE
added 2017/04/10 3:59 p.m. | 37 views

CVE-2017-5988

NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.

7.5 CVSS | 7.4 AI score | 0.00598 EPSS

CVE
added 2020/09/02 8:15 p.m. | 37 views

CVE-2020-8576

Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.

5.5 CVSS | 5.4 AI score | 0.0022 EPSS

CVE
added 2021/02/03 6:15 p.m. | 37 views

CVE-2020-8589

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.

3.5 CVSS | 4.3 AI score | 0.00086 EPSS

CVE
added 2021/10/19 3:15 p.m. | 37 views

CVE-2021-27001

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.

5.5 CVSS | 5.2 AI score | 0.00059 EPSS

CVE
added 2021/06/04 11:15 a.m. | 34 views

CVE-2021-26994

Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node.

6.5 CVSS | 6.3 AI score | 0.00372 EPSS

CVE
added 2016/04/07 10:59 a.m. | 33 views

CVE-2016-1563

NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

6.8 CVSS | 6.2 AI score | 0.0013 EPSS

Total number of security vulnerabilities: 187