CVE-2017-7439
https://notcve.org/view.php?id=CVE-2017-7439
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. NetApp OnCommand Unified Manager Core Package 5.x antes de 5.2.2P1 podría permitir a atacantes remotos obtener información confidencial a través de vectores que implican mensajes de error. • https://kb.netapp.com/support/s/article/NTAP-20170517-0002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-7236
https://notcve.org/view.php?id=CVE-2017-7236
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en NetApp OnCommand Unified Manager Core Package 5x y en versiones anteriores a la 5.2.2P1 que permite a los atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores sin especificar. • https://kb.netapp.com/support/s/article/NTAP-20170517-0001 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •