CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5497
https://notcve.org/view.php?id=CVE-2018-5497
Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. Clustered Data ONTAP, en sus versiones anteriores a las 9.1P16, 9.3P10 y 9.4P5, es susceptible a una vulnerabilidad que divulga información sensible a un usuario no autenticado. • https://security.netapp.com/advisory/ntap-20190109-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5490
https://notcve.org/view.php?id=CVE-2018-5490
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release. Las reglas de política de exportación de solo lectura no se aplican correctamente en Clustered Data ONTAP en versiones 8.3 Release Candidate y, por lo tanto, podrían permitir más que el acceso "solo lectura" desde clientes SMBv2 y SMBv3 autenticados. Este comportamiento ha sido resuelto en la versión GA. • https://security.netapp.com/advisory/ntap-20150324-0001 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5201
https://notcve.org/view.php?id=CVE-2017-5201
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. NetApp Clustered Data ONTAP en versiones anteriores a la 8.3.2P8 y 9.0 anteriores a P2 permite que usuarios autenticados remotos obtengan información sensible del clúster y del tenant mediante vectores no especificados. Esta vulnerabilidad es diferente de CVE-2016-3064. • http://www.securityfocus.com/bid/101776 https://security.netapp.com/advisory/ntap-20170809-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12420
https://notcve.org/view.php?id=CVE-2017-12420
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. Un desbordamiento de búfer basado en montículos en la implementación SMB en NetApp Clustered Data ONTAP en sus versiones anteriores a la 8.3.2P8 y 9.0 anterior al P2 permite que los usuarios autenticados remotos provoquen una denegación de servicio o ejecuten código arbitrario. • http://www.securityfocus.com/bid/100429 https://kb.netapp.com/support/s/article/NTAP-20170814-0001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7345
https://notcve.org/view.php?id=CVE-2017-7345
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. NetApp OnCommand Performance Manager y OnCommand Unified Manager para datos en clúster ONTAP en versiones anteriores a 7.1P1 vincula incorrectamente el servicio de Java Management Extension Remote Method Invocation (también conocido como JMX RMI) a la red, lo que permite a atacantes remotos obtener información confidencial a través de vectores no especificados. • http://www.securityfocus.com/bid/97537 https://kb.netapp.com/support/s/article/NTAP-20170331-0002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •