Oncommand Shift Security Vulnerabilities and Issues — Oncommand Shift CVE List

Lucene search

NetappOncommand Shift

9 matches found

CVE•added 2017/10/04 1:29 a.m.•1453 views

CVE-2017-12617

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted ...

8.1CVSS7.5AI score0.94394EPSS

CVE•added 2017/09/19 1:29 p.m.•1425 views

CVE-2017-12615

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

8.1CVSS7.4AI score0.9436EPSS

CVE•added 2018/01/22 4:29 a.m.•184 views

CVE-2018-5968

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

8.1CVSS9.6AI score0.77336EPSS

CVE•added 2017/08/08 3:29 p.m.•165 views

CVE-2017-10116

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3CVSS8.5AI score0.01701EPSS

CVE•added 2017/08/08 3:29 p.m.•155 views

CVE-2017-10074

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple ...

8.3CVSS8.6AI score0.01101EPSS

CVE•added 2017/08/08 3:29 p.m.•129 views

CVE-2017-10078

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this ...

8.1CVSS7.8AI score0.00892EPSS

CVE•added 2017/08/08 3:29 p.m.•117 views

CVE-2017-10114

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

8.3CVSS8.5AI score0.01714EPSS

CVE•added 2018/01/18 2:29 a.m.•115 views

CVE-2018-2638

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful att...

8.3CVSS8AI score0.00936EPSS

CVE•added 2016/09/21 2:59 a.m.•82 views

CVE-2015-8960

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a serv...

8.1CVSS7.8AI score0.00364EPSS