Element Plug-in For Vcenter Server Security Vulnerabilities and Issues — Element Plug-in For Vcenter Server CVE List

Lucene search

NetappElement Plug-in For Vcenter Server

9 matches found

CVE•added 2022/07/07 9:15 p.m.•439 views

CVE-2022-2047

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

4CVSS5.2AI score0.01221EPSS

CVE•added 2021/04/01 3:15 p.m.•400 views

CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can ...

5.3CVSS5.2AI score0.93519EPSS

CVE•added 2021/04/01 3:15 p.m.•342 views

CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that dir...

4CVSS5.1AI score0.00181EPSS

CVE•added 2021/07/15 5:15 p.m.•316 views

CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

5.3CVSS5.4AI score0.93804EPSS

CVE•added 2022/07/07 9:15 p.m.•309 views

CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left ...

7.5CVSS7.3AI score0.01143EPSS

CVE•added 2021/02/26 10:15 p.m.•297 views

CVE-2020-27223

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those qual...

5.3CVSS5.2AI score0.26008EPSS

CVE•added 2021/06/22 3:15 p.m.•288 views

CVE-2021-34428

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2,

3.6CVSS3.9AI score0.00646EPSS

CVE•added 2019/04/29 2:29 p.m.•64 views

CVE-2019-5492

Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.

7.5CVSS7.4AI score0.00542EPSS

CVE•added 2021/03/15 10:15 p.m.•63 views

CVE-2021-26987

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versio...

9.8CVSS9.5AI score0.0187EPSS