Oncommand Unified Manager Security Vulnerabilities and Issues — Oncommand Unified Manager CVE List

Lucene search

NetappOncommand Unified Manager

15 matches found

CVE•added 2010/08/05 1:23 p.m.•1039 views

CVE-2010-1871

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when ...

8.8CVSS9.5AI score0.93853EPSS

CVE•added 2018/05/11 8:29 p.m.•221 views

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

8.8CVSS9AI score0.00221EPSS

CVE•added 2017/08/08 3:29 p.m.•172 views

CVE-2017-10116

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3CVSS8.5AI score0.01701EPSS

CVE•added 2017/08/08 3:29 p.m.•160 views

CVE-2017-10074

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple ...

8.3CVSS8.6AI score0.01101EPSS

CVE•added 2017/08/08 3:29 p.m.•137 views

CVE-2017-10078

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this ...

8.1CVSS7.8AI score0.00892EPSS

CVE•added 2018/07/18 1:29 p.m.•131 views

CVE-2018-2964

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful at...

8.3CVSS8.6AI score0.00953EPSS

CVE•added 2018/04/19 2:29 a.m.•125 views

CVE-2018-2826

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require ...

8.3CVSS8AI score0.02916EPSS

CVE•added 2018/06/22 7:29 p.m.•124 views

CVE-2018-12538

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storag...

8.8CVSS8.4AI score0.00468EPSS

CVE•added 2017/08/08 3:29 p.m.•122 views

CVE-2017-10114

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

8.3CVSS8.5AI score0.01714EPSS

CVE•added 2018/01/18 2:29 a.m.•119 views

CVE-2018-2638

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful att...

8.3CVSS8AI score0.00936EPSS

CVE•added 2018/07/18 1:29 p.m.•110 views

CVE-2018-2941

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

8.3CVSS8.5AI score0.01278EPSS

CVE•added 2018/04/19 2:29 a.m.•105 views

CVE-2018-2825

8.3CVSS8AI score0.01133EPSS

CVE•added 2017/08/07 8:29 p.m.•104 views

CVE-2015-7849

Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.

8.8CVSS9.1AI score0.0425EPSS

CVE•added 2018/07/18 1:29 p.m.•100 views

CVE-2018-2942

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful at...

8.3CVSS8.3AI score0.00583EPSS

CVE•added 2017/08/07 8:29 p.m.•97 views

CVE-2015-7854

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.

8.8CVSS9.3AI score0.04185EPSS