Latest NetApp Element Plug-in for vCenter Server Vulnerabilities

Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this...
Eclipse Jetty<9.4.46
Eclipse Jetty>=10.0.0<10.0.9
Eclipse Jetty>=11.0.0<=11.0.9
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netapp Element Plug-in For Vcenter Server
and 6 more
Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the...
redhat/jenkins<0:2.401.1.1686831596-3.el8
redhat/jenkins<0:2.361.1.1672840472-1.el8
redhat/jenkins<0:2.361.1.1675668150-1.el8
maven/org.eclipse.jetty.http2:http2-server>=11.0.0<11.0.10
maven/org.eclipse.jetty.http2:http2-server>=10.0.0<10.0.10
maven/org.eclipse.jetty.http2:http2-server<9.4.47
and 14 more
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security co...
redhat/jetty<9.4.43
redhat/jetty<10.0.6
redhat/jetty<11.0.6
Eclipse Jetty>=9.4.37<9.4.43
Eclipse Jetty>=10.0.1<10.0.6
Eclipse Jetty>=11.0.1<11.0.6
and 19 more
Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a flaw where the session ID is not invalidated when an exception is thrown from the SessionListener#sessionDestroyed() me...
redhat/jenkins<0:2.289.3.1630554997-1.el8
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.4.41
redhat/jetty<10.0.3
redhat/jetty<11.0.3
and 19 more
Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sen...
redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9
redhat/jenkins<0:2.277.3.1620393611-1.el8
redhat/runc<0:1.0.0-95.rhaos4.8.gitcd80260.el8
redhat/jetty<9.4.39
redhat/jetty<10.0.2
redhat/jetty<11.0.2
and 33 more
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that co...
redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9
redhat/jetty<9.4.39
Eclipse Jetty=9.4.37-20210219
Eclipse Jetty=9.4.38-20210224
NetApp Cloud Manager
Netapp E-series Performance Analyzer
and 16 more
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Re...
Vmware Spring Boot<1.3.2
Netapp Element Plug-in For Vcenter Server
Netapp Management Services For Element Software And Netapp Hci<2.17.56
IBM Cloud Pak for Business Automation<=12.2
Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-craf...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
debian/jetty9
redhat/jetty-9.4.37.v20210219 jetty-10.0.1 jetty<11.0.1
IBM Secure Proxy<=6.0.2
and 25 more
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected ve...
Netapp Hyper Converged Infrastructure Compute Node<=1.4
Netapp Element Plug-in For Vcenter Server<4.2.3
