CVE-2017-13652
https://notcve.org/view.php?id=CVE-2017-13652
NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface. NetApp OnCommand Insight 7.3.0 y en versiones anteriores a la 7.2.0 es susceptible a ataques de secuestro de clics, lo que podría provocar que un usuario realice una acción no planeada en la interfaz de usuario. • https://security.netapp.com/advisory/ntap-20180731-0001 • CWE-20: Improper Input Validation •
CVE-2017-5600
https://notcve.org/view.php?id=CVE-2017-5600
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. El componente Data Warehouse en NetApp OnCommand Insight en versiones anteriores a 7.2.3 permite a atacantes remotos obtener acceso administrativo aprovechando una cuenta privilegiada predeterminada. • http://www.securityfocus.com/bid/96041 https://kb.netapp.com/support/s/article/NTAP-20170131-0001 • CWE-798: Use of Hard-coded Credentials •