Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Netapp Subscribe
Total 2037 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3997 1 Netapp 1 Clustered Data Ontap 2017-07-05 6.8 MEDIUM 7.5 HIGH
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.
CVE-2016-3998 1 Netapp 1 Altavault 2017-07-05 5.1 MEDIUM 8.1 HIGH
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
CVE-2016-5045 1 Netapp 1 Oncommand System Manager 2017-07-05 6.8 MEDIUM 8.1 HIGH
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
CVE-2017-7236 1 Netapp 1 Oncommand Unified Manager Core Package 2017-06-02 5.0 MEDIUM 7.5 HIGH
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-7439 1 Netapp 1 Oncommand Unified Manager Core Package 2017-06-02 5.0 MEDIUM 7.5 HIGH
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
CVE-2017-7345 1 Netapp 1 Clustered Data Ontap 2017-04-17 5.0 MEDIUM 5.3 MEDIUM
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2017-5988 1 Netapp 1 Clustered Data Ontap 2017-04-14 5.0 MEDIUM 7.5 HIGH
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2016-5374 1 Netapp 1 Data Ontap 2017-03-14 6.5 MEDIUM 8.8 HIGH
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
CVE-2016-4341 1 Netapp 1 Clustered Data Ontap 2017-02-24 5.0 MEDIUM 7.5 HIGH
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
CVE-2016-1502 1 Netapp 1 Snapcenter Server 2017-02-24 7.5 HIGH 7.3 HIGH
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.
CVE-2016-6667 1 Netapp 1 Oncommand Unified Manager For Clustered Data Ontap 2017-02-24 7.5 HIGH 9.8 CRITICAL
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-6495 1 Netapp 1 Data Ontap 2017-02-24 4.3 MEDIUM 5.9 MEDIUM
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
CVE-2016-5711 1 Netapp 1 Virtual Storage Console For Vmware Vsphere 2017-02-24 6.8 MEDIUM 9.8 CRITICAL
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
CVE-2016-7171 1 Netapp 1 Netapp Plug-in 2016-12-23 6.8 MEDIUM 5.6 MEDIUM
NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.
CVE-2015-3292 1 Netapp 1 Oncommand Workflow Automation 2016-12-02 10.0 HIGH N/A
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-9354 1 Netapp 1 Oncommand Balance 2015-02-09 4.0 MEDIUM N/A
NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage.
CVE-2014-9353 1 Netapp 1 Oncommand Balance 2015-02-06 10.0 HIGH N/A
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.