CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8585
https://notcve.org/view.php?id=CVE-2020-8585
28 Jan 2021 — OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). OnCommand Unified Manager Core Package versiones anteriores a 5.2.5, pueden revelar información confidencial de la cuenta a usuarios no autorizados por medio del uso de PuTTY Link (plink) • https://security.netapp.com/advisory/NTAP-20210128-0001 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-5495
https://notcve.org/view.php?id=CVE-2019-5495
10 May 2019 — OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. OnCommand Unified Manager para VMware vSphere, Linux y Windows antes de la versión 9.5 se envía sin ciertos encabezados de seguridad HTTP configurados que podrían permitir a un atacante obtener información confidencial a través de vectores no especificados. • https://security.netapp.com/advisory/ntap-20190509-0007 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5494
https://notcve.org/view.php?id=CVE-2019-5494
10 May 2019 — OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. OnCommand Unified Manager 7-Mode anterior a la versión 5.2.4 se envían sin ciertos encabezados de seguridad HTTP configurados que podrían permitir a un atacante obtener información confidencial a través de vectores no especificados. • https://security.netapp.com/advisory/ntap-20190509-0006 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5481
https://notcve.org/view.php?id=CVE-2018-5481
07 Jan 2019 — OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. OnCommand Unified Manager para 7-Mode (paquete core) en versiones anteriores a la 5.2.4 utiliza las cookies que carecen del atributo secure en algunas circunstancias, haciéndolo vulnerable a suplantación mediante ataques de Man-in-the-Middle (MitM). • https://security.netapp.com/advisory/ntap-20190104-0001 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.8EPSS: 4%CPEs: 27EXPL: 0CVE-2017-7657 – jetty: HTTP request smuggling
https://notcve.org/view.php?id=CVE-2017-7657
26 Jun 2018 — In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrar... • http://www.securitytracker.com/id/1041194 • CWE-190: Integer Overflow or Wraparound CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2017-7568
https://notcve.org/view.php?id=CVE-2017-7568
22 Jun 2018 — NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. NetApp OnCommand Unified Manager for 7-Mode (paquete core) en versiones anteriores a la 5.2.3 podría revelar información sensible de la cuenta LDAP a usuarios autenticados cuando la configuración de autenticación LDAP se prueba a través de la interfaz de usuario. • http://www.securityfocus.com/bid/104536 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11461
https://notcve.org/view.php?id=CVE-2017-11461
09 Nov 2017 — NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface. NetApp OnCommand Unified Manager para 7-mode (core package) en versiones anteriores a la 5.2.1 es susceptible al secuestro de clics o "UI redress attack", lo que se podría utilizar para provocar que un usuario realice una acción no planeada en la interfaz de usuario. • http://www.securityfocus.com/bid/101778 • CWE-20: Improper Input Validation •
CVSS: 3.1EPSS: 0%CPEs: 55EXPL: 0CVE-2017-10345 – OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)
https://notcve.org/view.php?id=CVE-2017-10345
19 Oct 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulne... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.6EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10346 – OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)
https://notcve.org/view.php?id=CVE-2017-10346
19 Oct 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signi... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 5.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10347 – OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)
https://notcve.org/view.php?id=CVE-2017-10347
19 Oct 2017 — Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability ... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-770: Allocation of Resources Without Limits or Throttling •