Oncommand Unified Manager Security Vulnerabilities and Issues — Oncommand Unified Manager CVE List

Lucene search

NetappOncommand Unified Manager

3 matches found

CVE•added 2018/06/26 4:29 p.m.•273 views

CVE-2017-7657

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as...

9.8CVSS9.1AI score0.06679EPSS

CVE•added 2018/06/22 7:29 p.m.•124 views

CVE-2018-12538

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storag...

8.8CVSS8.4AI score0.00468EPSS

CVE•added 2018/06/22 3:29 p.m.•37 views

CVE-2017-7568

NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.

5.3CVSS5.1AI score0.01448EPSS