CVE-2023-27316 – Privilege Escalation Vulnerability in SnapCenter
https://notcve.org/view.php?id=CVE-2023-27316
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. Las versiones 4.8 a 4.9 de SnapCenter son susceptibles a una vulnerabilidad que puede permitir que un usuario autenticado de SnapCenter Server se convierta en usuario administrador en un sistema remoto donde se ha instalado un complemento de SnapCenter. • https://security.netapp.com/advisory/NTAP-20231012-0001 https://security.netapp.com/advisory/ntap-20231012-0001 • CWE-269: Improper Privilege Management •
CVE-2023-27314 – Denial of Service Vulnerability in ONTAP 9
https://notcve.org/view.php?id=CVE-2023-27314
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service. Las versiones de ONTAP 9 anteriores a 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 y 9.13.1 son susceptibles a una vulnerabilidad que podría permitir que un atacante remoto no autenticado provoque una falla del servicio HTTP. • https://security.netapp.com/advisory/ntap-20231009-0001 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-27313 – Privilege Escalation Vulnerability in SnapCenter
https://notcve.org/view.php?id=CVE-2023-27313
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. Las versiones 3.x y 4.x de SnapCenter anteriores a la 4.9 son susceptibles a una vulnerabilidad que puede permitir que un usuario autenticado sin privilegios obtenga acceso como usuario administrador. • https://security.netapp.com/advisory/ntap-20230713-0002 • CWE-250: Execution with Unnecessary Privileges •
CVE-2023-27312 – Privilege Escalation Vulnerability in SnapCenter Plugin for VMware vSphere
https://notcve.org/view.php?id=CVE-2023-27312
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface. El complemento SnapCenter para VMware vSphere versiones 4.6 anteriores a 4.9 son susceptibles a una vulnerabilidad que puede permitir a usuarios autenticados sin privilegios modificar la configuración del correo electrónico y el nombre de la instantánea dentro de la interfaz de usuario de VMware vSphere. • https://security.netapp.com/advisory/ntap-20230713-0001 • CWE-250: Execution with Unnecessary Privileges •
CVE-2023-27315 – Information Disclosure Vulnerability in SnapGathers
https://notcve.org/view.php?id=CVE-2023-27315
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials Las versiones de SnapGathers anteriores a la 4.9 son susceptibles a una vulnerabilidad que podría permitir a un atacante local autenticado descubrir credenciales de usuario de dominio en texto plano. • https://security.netapp.com/advisory/ntap-20231009-0002 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •