4 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. Funciones múltiples en NetApp OnCommand System Manager en versiones anteriores a 8.3.2 no escapan adecuadamente de caracteres especiales, lo que permite a usuarios remotos autenticados ejecutar llamadas API arbitrarias a través de vectores no especificados. • https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager https://security.netapp.com/advisory/ntap-20160310-0004 • CWE-116: Improper Encoding or Escaping of Output •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. NetApp OnCommand System Manager versiones 2.1 y anteriores, permiten a atacantes remotos incluir archivos arbitrarios por medio de peticiones especialmente diseñadas en la página "diagnostic" utilizando el parámetro de ruta de registro SnapMirror. NetApp onCommand System Manager versions 2.1 and below and 2.0.2 and below suffer from cross site scripting, file inclusion, and OS command execution vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/84062 https://www.securityfocus.com/archive/1/526552 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en NetApp OnCommand System Manager versiones anteriores a 2.2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los campos "full-name" y "comment". NetApp onCommand System Manager versions 2.1 and below and 2.0.2 and below suffer from cross site scripting, file inclusion, and OS command execution vulnerabilities. • https://www.exploit-db.com/exploits/38507 https://www.exploit-db.com/exploits/38506 http://www.securityfocus.com/bid/59688 https://exchange.xforce.ibmcloud.com/vulnerabilities/84060 https://exchange.xforce.ibmcloud.com/vulnerabilities/84061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. NetApp OnCommand System Manager versión 2.1 y anteriores, permiten a atacantes remotos inyectar comandos arbitrarios en la interfaz Halt/Reboot. NetApp onCommand System Manager versions 2.1 and below and 2.0.2 and below suffer from cross site scripting, file inclusion, and OS command execution vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/84063 https://www.securityfocus.com/archive/1/526552 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •