CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8585
https://notcve.org/view.php?id=CVE-2020-8585
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). OnCommand Unified Manager Core Package versiones anteriores a 5.2.5, pueden revelar información confidencial de la cuenta a usuarios no autorizados por medio del uso de PuTTY Link (plink) • https://security.netapp.com/advisory/NTAP-20210128-0001 https://security.netapp.com/advisory/ntap-20210128-0001 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-5495
https://notcve.org/view.php?id=CVE-2019-5495
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. OnCommand Unified Manager para VMware vSphere, Linux y Windows antes de la versión 9.5 se envía sin ciertos encabezados de seguridad HTTP configurados que podrían permitir a un atacante obtener información confidencial a través de vectores no especificados. • https://security.netapp.com/advisory/ntap-20190509-0007 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5494
https://notcve.org/view.php?id=CVE-2019-5494
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. OnCommand Unified Manager 7-Mode anterior a la versión 5.2.4 se envían sin ciertos encabezados de seguridad HTTP configurados que podrían permitir a un atacante obtener información confidencial a través de vectores no especificados. • https://security.netapp.com/advisory/ntap-20190509-0006 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5481
https://notcve.org/view.php?id=CVE-2018-5481
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. OnCommand Unified Manager para 7-Mode (paquete core) en versiones anteriores a la 5.2.4 utiliza las cookies que carecen del atributo secure en algunas circunstancias, haciéndolo vulnerable a suplantación mediante ataques de Man-in-the-Middle (MitM). • https://security.netapp.com/advisory/ntap-20190104-0001 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2017-7657 – jetty: HTTP request smuggling
https://notcve.org/view.php?id=CVE-2017-7657
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. En Eclipse Jetty, en versiones 9.2.x y anteriores, versiones 9.3.x (todas las configuraciones) y versiones 9.4.x (configuración personalizada con el cumplimiento RFC2616 habilitado), los fragmentos transfer-encoding se gestionan de forma incorrecta. • http://www.securitytracker.com/id/1041194 https://access.redhat.com/errata/RHSA-2019:0910 https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E https://lists.apache. • CWE-190: Integer Overflow or Wraparound CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •