CVE-2022-23239
https://notcve.org/view.php?id=CVE-2022-23239
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack. • https://security.netapp.com/advisory/ntap-20220901-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23240
https://notcve.org/view.php?id=CVE-2022-23240
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. • https://security.netapp.com/advisory/ntap-20220901-0002 •
CVE-2022-23235
https://notcve.org/view.php?id=CVE-2022-23235
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled. Active IQ Unified Manager para VMware vSphere, Linux y Microsoft Windows versiones anteriores a 9.10P1, son susceptibles de sufrir una vulnerabilidad que podría permitir a un atacante detectar información específica del clúster, del nodo y de Active IQ Unified Manager por medio de los datos de telemetría de AutoSupport que son enviados incluso cuando AutoSupport ha sido deshabilitado. • https://security.netapp.com/advisory/ntap-20220324-0001 •
CVE-2020-8574
https://notcve.org/view.php?id=CVE-2020-8574
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users. Active IQ Unified Manager para Linux versiones anteriores a 9.6, incluido con el servicio Java Management Extension Remote Method Invocation (JMX RMI) habilitado permite una ejecución de código no autorizado a usuarios locales • https://security.netapp.com/advisory/ntap-20200803-0001 •
CVE-2020-8575
https://notcve.org/view.php?id=CVE-2020-8575
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). Active IQ Unified Manager para VMware vSphere y Windows versiones anteriores a 9.5, son susceptibles a una vulnerabilidad que permite a usuarios administrativos causar una Denegación de Servicio (DoS) • https://security.netapp.com/advisory/ntap-20200803-0002 •