CVSS: 5.5EPSS: 0%CPEs: 31EXPL: 0CVE-2021-27001
https://notcve.org/view.php?id=CVE-2021-27001
Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. Clustered Data ONTAP versiones 9.x anteriores a 9.5P18, 9.6P16, 9.7P16, 9.8P7 y 9.9.1P2, son susceptibles de una vulnerabilidad que podría permitir a un atacante local privilegiado y autenticado modificar arbitrariamente los datos WORM en modo de cumplimiento antes de que finalice el periodo de retención • https://security.netapp.com/advisory/ntap-20211018-0001 •
CVSS: 4.7EPSS: 0%CPEs: 16EXPL: 0CVE-2021-27003
https://notcve.org/view.php?id=CVE-2021-27003
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. Clustered Data ONTAP versiones anteriores a 9.5P18, 9.6P15, 9.7P14, 9.8P5 y 9.9.1 carecen de un encabezado X-Frame-Options que podría permitir un ataque de clickjacking • https://security.netapp.com/advisory/ntap-20211012-0001 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-26994
https://notcve.org/view.php?id=CVE-2021-26994
Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node. Clustered Data ONTAP versiones anteriores a 9.7P13 y 9.8P3, son susceptibles a una vulnerabilidad que podría permitir a cargas de trabajo individuales causar una Denegación de Servicio (DoS) en un nodo del clúster • https://security.netapp.com/advisory/NTAP-20210601-0001 •
CVSS: 3.3EPSS: 0%CPEs: 33EXPL: 0CVE-2020-8590
https://notcve.org/view.php?id=CVE-2020-8590
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. Clustered Data ONTAP versiones anteriores a 9.1P18 y 9.3P12, son susceptibles a una vulnerabilidad que podría permitir a un atacante detectar nombres de nodo por medio de paquetes de AutoSupport inclusive cuando el parámetro –remove-private-data es establecido en verdadero • https://security.netapp.com/advisory/NTAP-20210208-0003 •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-8578
https://notcve.org/view.php?id=CVE-2020-8578
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. Clustered Data ONTAP versiones anteriores a 9.3P20, son susceptibles a una vulnerabilidad que podría permitir a un atacante detectar nombres de nodo por medio de paquetes de AutoSupport inclusive cuando el parámetro –remove-private-data se establece en true • https://security.netapp.com/advisory/NTAP-20210208-0002 •