CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7345
https://notcve.org/view.php?id=CVE-2017-7345
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. NetApp OnCommand Performance Manager y OnCommand Unified Manager para datos en clúster ONTAP en versiones anteriores a 7.1P1 vincula incorrectamente el servicio de Java Management Extension Remote Method Invocation (también conocido como JMX RMI) a la red, lo que permite a atacantes remotos obtener información confidencial a través de vectores no especificados. • http://www.securityfocus.com/bid/97537 https://kb.netapp.com/support/s/article/NTAP-20170331-0002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4341
https://notcve.org/view.php?id=CVE-2016-4341
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. NetApp Clustered Data ONTAP en versiones anteriores a 8.3.2P7 permite a atacantes remotos obtener información compartida SMB a través de vectores no especificados. • https://kb.netapp.com/support/s/article/NTAP-20161028-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8020
https://notcve.org/view.php?id=CVE-2015-8020
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. Clustered Data ONTAP versiones 8.0, 8.3.1 y 8.3.2 contiene una cuenta por defecto privilegiada que bajo ciertas condiciones puede ser usada para revelar información no autorizada. • http://www.securityfocus.com/bid/92329 https://kb.netapp.com/support/s/article/cve-2015-8020-default-privileged-account-credentials-vulnerability-in-in-clustered-data-ontap?language=en_US https://security.netapp.com/advisory/ntap-20160802-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3064
https://notcve.org/view.php?id=CVE-2016-3064
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. NetApp Clustered Data ONTAP en versiones anteriores a 8.2.4P4 y 8.3.x en versiones anteriores a 8.3.2P2 permite a usuarios remotos autenticados obtener información de cluster y usuario sensible a través de vectores no especificados. • http://kb.netapp.com/support/index?page=content&id=9010099 http://www.securityfocus.com/bid/92686 https://security.netapp.com/advisory/ntap-20160830-0002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1563
https://notcve.org/view.php?id=CVE-2016-1563
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NetApp Clustered Data ONTAP 8.3.1 no verifica correctamente los certificados X.509 de servidores TLS, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • https://kb.netapp.com/support/index?page=content&id=9010064 https://security.netapp.com/advisory/ntap-20160310-0002 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •