CVE-2016-3064
https://notcve.org/view.php?id=CVE-2016-3064
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. NetApp Clustered Data ONTAP en versiones anteriores a 8.2.4P4 y 8.3.x en versiones anteriores a 8.3.2P2 permite a usuarios remotos autenticados obtener información de cluster y usuario sensible a través de vectores no especificados. • http://kb.netapp.com/support/index?page=content&id=9010099 http://www.securityfocus.com/bid/92686 https://security.netapp.com/advisory/ntap-20160830-0002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1563
https://notcve.org/view.php?id=CVE-2016-1563
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NetApp Clustered Data ONTAP 8.3.1 no verifica correctamente los certificados X.509 de servidores TLS, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • https://kb.netapp.com/support/index?page=content&id=9010064 https://security.netapp.com/advisory/ntap-20160310-0002 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •