12 matches found
CVE-2022-23232
Summary of CVE-2022-23232 (StorageGRID): StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are vulnerable to an access-control issue where disabled, expired, or locked external user accounts could access S3 data they previously could view. In 11.6.0, the product changes behavio...
CVE-2022-23233
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability that, if exploited, could cause a Denial of Service (DoS) of the Local Distribution Router (LDR) service. Affected product is NetApp StorageGRID; the issue is described across multiple sources ...
CVE-2022-38734
CVE-2022-38734 affects NetApp StorageGRID (formerly StorageGRID Webscale) before version 11.6.0.8. The vulnerability leads to a Denial of Service that can crash the Local Distribution Router (LDR) service. The available connected documents consistently describe this DoS impact and the targeted co...
CVE-2024-21988
CVE-2024-21988 affects NetApp StorageGRID (formerly StorageGRID Webscale). Versions prior to 11.7.0.9 and 11.8.0.5 are vulnerable due to a flaw in the SSH cryptographic implementation that enables disclosure of sensitive information in complex Man‑in‑the‑Middle attacks. The root cause is tied to ...
CVE-2024-21994
CVE-2024-21994 affects NetApp StorageGRID (formerly StorageGRID Webscale) prior to version 11.9. The vulnerability allows an authenticated attacker to cause a Denial of Service, potentially crashing the service. The available connected documentation confirms the affected product and version range...
CVE-2024-21983
CVE-2024-21983 affects NetApp’s StorageGRID (formerly StorageGRID Webscale). Public sources confirm versions prior to 11.8 are susceptible to a DoS where an authenticated attacker could trigger an out-of-memory condition or node reboot. The vulnerability is described consistently across multiple ...
CVE-2024-21984
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are vulnerable to a Reflected Cross-Site Scripting (XSS) flaw. Exploitation requires a targeted user to click a crafted link, after which an attacker could view or modify configuration settings or add/modify user accounts. Multipl...
CVE-2025-26515
StorageGRID (formerly StorageGRID Webscale) is affected by CVE-2025-26515, a Server-Side Request Forgery (SSRF) in versions prior to 11.8.0.15 and 11.9.0.8 when Single Sign-On is not enabled. An unauthenticated attacker could change the password of any Grid Manager or Tenant Manager non-federated...
CVE-2025-26516
CVE-2025-26516 affects StorageGRID (formerly StorageGRID Webscale); versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service on the Admin node when exploited by an unauthenticated attacker. The available documents do not specify the exact root cause or exploitation details....
CVE-2025-26514
StorageGRID (formerly StorageGRID Webscale) is affected by a Reflected Cross-Site Scripting vulnerability in versions prior to 11.8.0.15 and 11.9.0.8. The issue could let an attacker view or modify configuration settings or add/modify user accounts, but exploitation requires the attacker to know ...
CVE-2025-26517
StorageGRID (formerly StorageGRID Webscale) is affected in versions prior to 11.8.0.15 and prior to 11.9.0.8. The vulnerability is a privilege escalation that could allow an unauthenticated? authenticated attacker to discover Grid node names and IP addresses or modify Storage Grades. Remediation:...
CVE-2026-22051
StorageGRID (formerly StorageGRID Webscale) is affected in versions prior to 11.9.0.13 and 12.0.0.6 by an Information Disclosure vulnerability. An authenticated user with low privileges could run arbitrary metrics queries and view metric results they should not access. The attack vector is networ...