Latest NetApp OnCommand System Manager Vulnerabilities

OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an ...
NetApp OnCommand System Manager>=9.0<9.3
NetApp OnCommand System Manager=9.3
NetApp OnCommand System Manager=9.4
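The entry above comes down to which cache headers an authenticated response carries. The following is an added example, not NetApp's or OnCommand's code: it audits a response's headers against the RFC 7234 storage rules and shows the header set that stops both browser and shared caches from storing per-user data. The sample headers and the session-bound JSON response are constructed for illustration.

```javascript
// Added example, not NetApp's or OnCommand's code. Classifies whether a
// response carrying session-bound data may be stored by a browser or a
// shared cache, following RFC 7234 storage rules. Sample headers below are
// constructed for illustration.

function parseCacheControl(value) {
  const directives = {};
  for (const part of String(value || '').split(',')) {
    const [name, val] = part.trim().toLowerCase().split('=');
    if (name) directives[name] = val === undefined ? true : val.replace(/^"|"$/g, '');
  }
  return directives;
}

// Returns a list of findings; an empty list means no cache should store it.
// opts.authorized: the request carried an Authorization header (RFC 7234 3.2).
function auditCacheability(headers, opts = {}) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const cc = parseCacheControl(h['cache-control']);
  const findings = [];

  if (cc['no-store']) return findings;            // nothing may store the response

  if (!cc['private']) {
    // A shared cache may store unless the Authorization rule blocks it:
    // with Authorization present it needs public, s-maxage or must-revalidate.
    const authBlocks = Boolean(opts.authorized) &&
      !(cc['public'] || cc['s-maxage'] !== undefined || cc['must-revalidate']);
    if (!authBlocks) findings.push('shared cache may store (missing no-store/private)');
  }
  findings.push('browser cache may store (missing no-store)');
  if (cc['no-cache']) {
    findings.push('no-cache only forces revalidation; the body is still written to disk');
  }
  return findings;
}

// Header set to send on every response that contains per-user data.
function hardenedCacheHeaders() {
  return {
    'Cache-Control': 'no-store, no-cache, must-revalidate, max-age=0',
    'Pragma': 'no-cache',   // for HTTP/1.0 intermediaries
    'Expires': '0',
  };
}

// Constructed sample: a JSON response from a session-bound API that sets a
// cookie but carries no cache directives at all.
const SAMPLE_WEAK = {
  'Content-Type': 'application/json',
  'Set-Cookie': 'session=abc123; HttpOnly; Secure',
};
```

`private` alone only keeps the response out of shared caches; the browser still writes it to disk, which is what the entry above is about. `no-store` is the directive that matters, and the rest of the hardened set exists for old intermediaries and for clients that treat `no-cache` as "revalidate, but keep".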
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an issue when the HTTP request header value can be reused from the previous stream received on an HTTP/2 connecti...
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el7
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el7
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el8
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el8
redhat/tomcat<10.0.0
redhat/tomcat<9.0.40
and 65 more
Impact: If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received en...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
redhat/jetty<9.4.35.
redhat/jetty<10.0.0.
redhat/jetty<11.0.0.
and 31 more
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could tr...
redhat/tomcat<0:7.0.76-15.el7
redhat/jbossweb<0:7.5.31-2.Final_redhat_2.1.ep6.el5
redhat/jbossweb<0:7.5.31-2.Final_redhat_2.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
redhat/jbossas-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
redhat/jbossas-bundles<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 220 more
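The WebSocket entry above is about a server trusting the payload length it decodes from a frame header. The following is an added example, not Tomcat's code: a frame-header parser that applies the RFC 6455 section 5.2 length rules (the 7-bit, 16-bit and 64-bit encodings, minimal encoding, the cleared top bit of a 64-bit length, the 125-byte cap on control frames) and a per-deployment payload ceiling before any payload is read. The limit constant and the test vectors are constructed.

```javascript
// Added example, not Tomcat's code. A WebSocket frame-header parser that
// enforces the RFC 6455 section 5.2 length rules a server must apply before
// trusting a payload length. Test vectors below are constructed.

// Assumed per-deployment ceiling on a single frame's payload.
const MAX_FRAME_PAYLOAD = 1 << 20; // 1 MiB

class FrameError extends Error {}

// Parses the header at the start of buf.
// Returns { fin, opcode, masked, payloadLength, headerLength } or throws FrameError.
function parseFrameHeader(buf) {
  if (buf.length < 2) throw new FrameError('truncated header');
  const b0 = buf[0];
  const b1 = buf[1];
  const fin = (b0 & 0x80) !== 0;
  if (b0 & 0x70) throw new FrameError('RSV bits set without a negotiated extension');
  const opcode = b0 & 0x0f;
  const masked = (b1 & 0x80) !== 0;
  let len = b1 & 0x7f;
  let offset = 2;

  if (opcode >= 0x8) {                    // control frame: close/ping/pong
    if (!fin) throw new FrameError('fragmented control frame');
    if (len > 125) throw new FrameError('control frame payload exceeds 125 bytes');
  }
  if (len === 126) {
    if (buf.length < offset + 2) throw new FrameError('truncated 16-bit length');
    len = buf.readUInt16BE(offset);
    offset += 2;
    if (len < 126) throw new FrameError('16-bit length must encode at least 126');
  } else if (len === 127) {
    if (buf.length < offset + 8) throw new FrameError('truncated 64-bit length');
    const big = buf.readBigUInt64BE(offset);
    offset += 8;
    if (big & (1n << 63n)) throw new FrameError('64-bit length with most significant bit set');
    if (big < 65536n) throw new FrameError('64-bit length must encode at least 65536');
    if (big > BigInt(MAX_FRAME_PAYLOAD)) throw new FrameError('payload exceeds configured limit');
    len = Number(big);   // safe: bounded by MAX_FRAME_PAYLOAD above
  }
  if (len > MAX_FRAME_PAYLOAD) throw new FrameError('payload exceeds configured limit');
  if (masked) {
    if (buf.length < offset + 4) throw new FrameError('truncated masking key');
    offset += 4;
  }
  return { fin, opcode, masked, payloadLength: len, headerLength: offset };
}

// Builds a minimal unmasked header for a given length; used to produce the
// constructed test vectors and to show the three canonical encodings.
function encodeFrameHeader(opcode, payloadLength, fin = true) {
  const first = (fin ? 0x80 : 0) | (opcode & 0x0f);
  if (payloadLength < 126) return Buffer.from([first, payloadLength]);
  if (payloadLength < 65536) {
    const b = Buffer.alloc(4);
    b[0] = first; b[1] = 126; b.writeUInt16BE(payloadLength, 2);
    return b;
  }
  const b = Buffer.alloc(10);
  b[0] = first; b[1] = 127; b.writeBigUInt64BE(BigInt(payloadLength), 2);
  return b;
}
```

The order of checks matters: the control-frame cap is applied to the 7-bit field before any extended length is decoded, and the 64-bit value is compared as a BigInt before it is narrowed to a Number, so no intermediate step works with a value the server has not yet bounded.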
A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryEx...
redhat/jws5-tomcat<0:9.0.30-5.redhat_6.1.el6
redhat/jws5-tomcat<0:9.0.30-5.redhat_6.1.el7
redhat/jws5-tomcat<0:9.0.30-5.redhat_6.1.el8
redhat/tomcat<10.0.0
redhat/tomcat<9.0.37
redhat/tomcat<8.5.57
and 58 more
A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could b...
redhat/jws5-jboss-logging<0:3.4.1-1.Final_redhat_00001.1.el6
redhat/jws5-tomcat<0:9.0.36-6.redhat_5.2.el6
redhat/jws5-tomcat-native<0:1.2.25-2.redhat_2.el6
redhat/jws5-jboss-logging<0:3.4.1-1.Final_redhat_00001.1.el7
redhat/jws5-tomcat<0:9.0.36-6.redhat_5.2.el7
redhat/jws5-tomcat-native<0:1.2.25-2.redhat_2.el7
and 60 more
A flaw was found in jQuery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove "<script>" HTML tags that contain a whitespace charact...
maven/org.webjars.npm:jquery<1.9.0
rubygems/jquery-rails<2.2.0
nuget/jQuery<1.9.0
npm/jquery<1.9.0
redhat/qpid-dispatch<0:1.13.0-3.el6_10
redhat/qpid-dispatch<0:1.13.0-3.el7
and 14 more
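The entry above describes a regex that only recognises the exact closing tag `</script>`. The following is an added example, not jQuery's code: a regex-based script stripper of the kind `.load()` relied on before 1.9.0, the closing tag with whitespace that slips past it, a tightened pattern, and an input that shows why neither pattern is a sanitizer. The HTML responses are constructed.

```javascript
// Added example, not jQuery's code. A regex-based <script> stripper of the
// kind .load() relied on before 1.9.0, the closing tag with whitespace that
// slips past it, the tightened pattern, and the reason neither is a
// sanitizer. All HTML inputs are constructed.

// Loose: the closing tag must be exactly "</script>".
const RSCRIPT_LOOSE = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
// Tightened: HTML allows whitespace before ">" in an end tag, so accept it.
const RSCRIPT_STRICT = /<script\b[^<]*(?:(?!<\/script\s*>)<[^<]*)*<\/script\s*>/gi;

function stripScriptsLoose(html) { return html.replace(RSCRIPT_LOOSE, ''); }
function stripScriptsStrict(html) { return html.replace(RSCRIPT_STRICT, ''); }

// True if script-like content survives the stripper. A crude check for the
// demo, not a parser: it looks for a script tag or an inline event handler.
function stillHasScript(html) {
  return /<script\b/i.test(html) || /\son[a-z]+\s*=/i.test(html);
}

// Constructed responses a .load() call might receive.
const RESPONSES = {
  plain:      '<div id="a">ok</div><script>alert(1)</script>',
  whitespace: '<div id="a">ok</div><script>alert(1)</script >',   // bypasses the loose regex
  handler:    '<div id="a">ok</div><img src=x onerror="alert(1)">', // no script tag at all
};
```

The tightened regex closes the whitespace gap but nothing more: browsers also close the element on `</script/>`, and the `handler` response runs script without any `<script>` element. The durable fix is the one jQuery 1.9 made, handing the response to an HTML parser, and treating a loaded response as text unless its origin is trusted.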
Impact: Passing HTML containing `<option>` elements from untrusted sources, even after sanitizing them, to one of jQuery's DOM manipulation methods (e.g. `.html()`, `.append()`, and others) may e...
maven/org.webjars.npm:jquery>=1.0.3<3.5.0
nuget/jQuery>=1.0.3<3.5.0
rubygems/jquery-rails<4.4.0
npm/jquery>=1.0.3<3.5.0
debian/jquery
debian/node-jquery<=2.2.4+dfsg-4
and 105 more
Impact: Passing HTML from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (e.g. `.html()`, `.append()`, and others) may execute untrusted code. Patch...
rubygems/jquery-rails<4.4.0
maven/org.webjars.npm:jquery>=1.2.0<3.5.0
nuget/jquery>=1.2.0<3.5.0
npm/jquery>=1.2.0<3.5.0
redhat/qpid-dispatch<0:1.13.0-3.el6_10
redhat/qpid-dispatch<0:1.13.0-3.el7
and 164 more
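The entry above is about jQuery rewriting an HTML string before the browser parses it. The following is an added example, not jQuery's code: a self-closing-tag expansion modelled on the `htmlPrefilter` behaviour jQuery had before 3.5.0, a crude model of the HTML raw-text rule that shows why the rewrite turns inert markup into executable markup, and the 3.5.0 behaviour of leaving the string alone. The regex is a reconstruction for illustration and the HTML input is constructed.

```javascript
// Added example, not jQuery's code. Reproduces the effect of the
// self-closing-tag expansion that jQuery.htmlPrefilter applied before 3.5.0,
// shows why it turns inert markup into executable markup, and the 3.5.0
// behaviour (no rewriting). The regex is modelled on the historical one and
// the HTML inputs are constructed.

// Void elements are left alone; any other "<tag .../>" becomes "<tag ...></tag>".
const RXHTML_TAG = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;

function htmlPrefilterLegacy(html) {
  return html.replace(RXHTML_TAG, '<$1></$2>');
}

// jQuery 3.5.0 onward: the string is handed to the HTML parser untouched.
function htmlPrefilterFixed(html) {
  return html;
}

// Crude model of the HTML raw-text rule used by the demo: once <style> is
// opened, nothing is an element until a "</style" appears. Returns true if an
// <img> tag lands outside the raw-text region and would be parsed as an element.
function imgEscapesStyle(html) {
  const lower = html.toLowerCase();
  const open = lower.indexOf('<style');
  if (open === -1) return lower.includes('<img');
  const close = lower.indexOf('</style', open);
  if (close === -1) return false;
  return lower.indexOf('<img', close) !== -1;
}

// Constructed attacker string. As delivered, the <img> sits inside an
// unterminated <style> block and is raw text, so a browser never runs it.
const UNTRUSTED = '<style><style /><img src=x onerror=alert(1)>';
```

After the legacy rewrite the string reads `<style><style ></style><img src=x onerror=alert(1)>`: the manufactured `</style>` ends the raw-text region and the `<img>` becomes an element whose `onerror` fires. A sanitizer that inspected the original string correctly saw no live element, which is why sanitizing before the call did not help. Use `.text()` for untrusted strings, or sanitize the result of the exact string the DOM method will receive.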
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scri...
NetApp OnCommand System Manager=9.3
NetApp OnCommand System Manager=9.4
Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling an unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vuln...
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el6
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el6
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el7
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el7
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el8
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el8
and 30 more
Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling an unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vuln...
redhat/tomcat<0:7.0.76-16.el7_9
redhat/tomcat<0:7.0.76-11.el7_6
redhat/tomcat<0:7.0.76-12.el7_7
redhat/tomcat7<0:7.0.70-41.ep7.el6
redhat/tomcat8<0:8.0.36-45.ep7.el6
redhat/tomcat7<0:7.0.70-41.ep7.el7
and 75 more
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.
NetApp OnCommand System Manager<=2.1
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
NetApp OnCommand System Manager<2.2
NetApp OnCommand System Manager<=2.1
A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. This flaw allows an attacker to remotely execute arbitrary code when combined w...
maven/org.zenframework.z8.dependencies.commons:log4j-1.2.17=2.0
maven/log4j:log4j>=1.2<=1.2.17
debian/apache-log4j1.2<=1.2.17-5
debian/apache-log4j1.2<=1.2.17-7
debian/apache-log4j1.2<=1.2.17-8
redhat/log4j<0:1.2.14-6.7.el6_10
redhat/log4j<0:1.2.17-16.el7_4
redhat/log4j<0:1.2.14-19.patch_01.ep5.el5
and 45 more
Apache Tomcat could allow a local attacker to gain elevated privileges on the system, caused by a flaw when configured with the JMX Remote Lifecycle Listener. By using man-in-the-middle attack techniq...
redhat/tomcat7<0:7.0.70-38.ep7.el6
redhat/tomcat8<0:8.0.36-42.ep7.el6
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el6
redhat/tomcat7<0:7.0.70-38.ep7.el7
redhat/tomcat8<0:8.0.36-42.ep7.el7
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el7
and 23 more
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured to show a listing of directory contents. By sending a specially-crafted request, a rem...
Eclipse Jetty=9.2.27-20190403
Eclipse Jetty=9.3.26-20190403
Eclipse Jetty=9.4.16-20190411
Microsoft Windows
NetApp OnCommand System Manager>=3.0<=3.1.3
NetApp Snap Creator Framework
and 49 more
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulner...
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.2.28
redhat/jetty<9.3.27
redhat/jetty<9.4.16
Eclipse Jetty=7.0.0-20091005
and 334 more
A Prototype Pollution vulnerability was found in jQuery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted J...
redhat/ansible-tower<0:3.5.2-1.el7a
redhat/cfme<0:5.10.9.1-1.el7cf
redhat/cfme-amazon-smartstate<0:5.10.9.1-1.el7cf
redhat/cfme-appliance<0:5.10.9.1-1.el7cf
redhat/cfme-gemset<0:5.10.9.1-1.el7cf
redhat/ovirt-ansible-hosted-engine-setup<0:1.0.23-1.el7e
and 267 more
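The entry above says a JSON key named `__proto__` reaches `Object.prototype` through a deep merge. The following is an added example, not jQuery's code: a deep merge modelled on the shape of `jQuery.extend(true, ...)` before the 3.4.0 fix, the hardened form that skips prototype-walking keys and only merges into own properties, and a demo that runs a constructed payload through each and reports whether a fresh object inherited the injected property.

```javascript
// Added example, not jQuery's code. A deep merge modelled on the shape of
// jQuery.extend(true, target, source) before 3.4.0, showing how a JSON key
// named __proto__ reaches Object.prototype, beside the hardened version.
// The JSON payload is constructed.

function isPlainObject(v) {
  if (v === null || typeof v !== 'object') return false;
  const proto = Object.getPrototypeOf(v);
  return proto === null || proto === Object.prototype;
}

// Vulnerable: target[key] for key "__proto__" is the target's prototype,
// and isPlainObject(Object.prototype) is true (its prototype is null), so
// the recursion merges the attacker's object straight into Object.prototype.
function extendVulnerable(target, source) {
  for (const key of Object.keys(source)) {
    const copy = source[key];
    if (isPlainObject(copy)) {
      const existing = target[key];
      const clone = isPlainObject(existing) ? existing : {};
      target[key] = extendVulnerable(clone, copy);
    } else if (copy !== undefined) {
      target[key] = copy;
    }
  }
  return target;
}

// Hardened: refuse keys that walk the prototype chain, and only reuse an
// existing nested object if it is the target's own property.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function extendSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const copy = source[key];
    if (isPlainObject(copy)) {
      const existing = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      const clone = isPlainObject(existing) ? existing : {};
      target[key] = extendSafe(clone, copy);
    } else if (copy !== undefined) {
      target[key] = copy;
    }
  }
  return target;
}

// Constructed payload as an API might receive it. JSON.parse creates an own
// property literally named "__proto__", which Object.keys then enumerates.
const PAYLOAD = '{"__proto__": {"polluted": true}, "name": "x"}';

// Runs one merge and reports whether an unrelated object now inherits
// "polluted". Cleans Object.prototype afterwards so later code is unaffected.
function demo(extendFn) {
  const result = extendFn({}, JSON.parse(PAYLOAD));
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  return { leaked, name: result.name };
}
```

Skipping `__proto__` is the one-line fix; skipping `constructor` and `prototype` as well closes the `constructor.prototype` route, and the own-property check stops a merge from descending into any inherited object the target happens to expose.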
Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulne...
debian/jetty9
IBM Cognos Command Center<=10.2.4.1
redhat/jetty<9.3.24.
redhat/jetty<9.4.11.
Eclipse Jetty<=9.2.26
Eclipse Jetty>=9.3.0<9.3.24
and 25 more
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/...
Eclipse Jetty>=9.4.0<=9.4.8
Netapp E-series Santricity Management Plug-ins
NetApp E-Series SANtricity OS Controller>=11.0<=11.40
Netapp E-series Santricity Web Services Proxy
Netapp Element Software
Netapp Hyper Converged Infrastructure
and 6 more
Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length header. By sending a specially-crafted request, an attacker could exploit this vulne...
debian/jetty9
IBM Cognos Command Center<=10.2.4.1
redhat/jetty<9.2.25.
redhat/jetty<9.3.24.
redhat/jetty<9.4.11.
Eclipse Jetty<=9.2.26
and 28 more
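The four request-smuggling entries on this page (the two Tomcat Transfer-Encoding entries, the Jetty chunk-size entry and the Jetty Content-Length entry just above) share one root: two parsers in the request path disagree about where a body ends. The following is an added example, not Tomcat's or Jetty's code: the strict framing checks a server or a proxy in front of it needs so that it never guesses, with the ambiguous header combinations and the lenient chunk-size parsing rejected outright. The sample request head is constructed.

```javascript
// Added example, not Tomcat's or Jetty's code. Strict request-framing checks
// so that a server and the next hop agree on where each request body ends:
// conflicting Content-Length values, Transfer-Encoding alongside
// Content-Length, unusual Transfer-Encoding spellings, and chunk-size lines
// that lenient parsers accept. The sample request head is constructed.

class FramingError extends Error {}

// Splits a raw request head into its request line and [name, value] pairs,
// rejecting the header shapes RFC 7230 says a server must not accept.
function parseRequestHead(raw) {
  const lines = raw.split('\r\n');
  const requestLine = lines.shift();
  const headers = [];
  for (const line of lines) {
    if (line === '') break;
    if (/^[ \t]/.test(line)) throw new FramingError('obsolete line folding');
    const colon = line.indexOf(':');
    if (colon <= 0) throw new FramingError('malformed header line');
    const name = line.slice(0, colon);
    if (/[ \t]$/.test(name)) throw new FramingError('whitespace between field name and colon');
    headers.push([name, line.slice(colon + 1).trim()]);
  }
  return { requestLine, headers };
}

// Decides how the body is delimited, or throws on any ambiguity.
function resolveFraming(headers) {
  const lengths = [];
  const codings = [];
  for (const [name, value] of headers) {
    const n = name.toLowerCase();
    if (n === 'content-length') lengths.push(...value.split(',').map(s => s.trim()));
    else if (n === 'transfer-encoding') codings.push(...value.split(',').map(s => s.trim()));
  }
  if (codings.length && lengths.length) {
    throw new FramingError('Transfer-Encoding and Content-Length both present');
  }
  if (codings.length) {
    // Only the exact token "chunked", alone, is accepted: "xchunked",
    // "chunked " variants and stacked codings are where parsers disagree.
    if (codings.length !== 1 || codings[0].toLowerCase() !== 'chunked') {
      throw new FramingError('unsupported or unusual transfer-coding: ' + codings.join(','));
    }
    return { mode: 'chunked' };
  }
  if (lengths.length) {
    if (new Set(lengths).size !== 1) throw new FramingError('conflicting Content-Length values');
    if (!/^[0-9]+$/.test(lengths[0])) throw new FramingError('non-numeric Content-Length');
    const length = Number(lengths[0]);
    if (!Number.isSafeInteger(length)) throw new FramingError('Content-Length too large');
    return { mode: 'content-length', length };
  }
  return { mode: 'none', length: 0 };
}

// Largest chunk size accepted; 31 bits keeps the value inside a signed int
// on the far side of the proxy as well.
const MAX_CHUNK_SIZE = 0x7fffffff;

// Parses one chunk-size line (without its CRLF). Anchored hex only: parseInt
// would accept "+5", " 5", "0x5" or "5garbage" and silently overflow.
function parseChunkSizeLine(line) {
  const m = /^([0-9A-Fa-f]+)(?:;[^\r\n]*)?$/.exec(line);
  if (!m) throw new FramingError('malformed chunk-size line');
  const digits = m[1].replace(/^0+(?=.)/, '');
  if (digits.length > 8) throw new FramingError('chunk size overflows 32 bits');
  const size = parseInt(digits, 16);
  if (size > MAX_CHUNK_SIZE) throw new FramingError('chunk size exceeds limit');
  return size;
}

// Constructed sample: the classic CL.TE ambiguity. A front end honouring
// Content-Length and a back end honouring Transfer-Encoding would split
// this stream differently; here it is refused before any body is read.
const SMUGGLE_SAMPLE =
  'POST /api HTTP/1.1\r\nHost: example.test\r\nContent-Length: 13\r\n' +
  'Transfer-Encoding: chunked\r\n\r\n';
```

Rejecting rather than picking a winner is the point: RFC 7230 lets a server treat a request with both headers as an error, and for a server behind a proxy that is the only choice that cannot be turned into a desync. The chunk-size regex is deliberately stricter than the grammar (eight hex digits after leading zeros) because the overflow, not the grammar, is what the Jetty chunk-size entry is about.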
© 2024 SecAlerts Pty Ltd.