CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14053
https://notcve.org/view.php?id=CVE-2017-14053
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. NetApp OnCommand Unified Manager para Clustered Data ONTAP en versiones anteriores a la 7.2P1 no establece la marca segura para una cookie sin especificar en una sesión HTTPS, lo que facilita que atacantes remotos capturen esta cookie interceptando su transmisión en una sesión HTTP. • https://kb.netapp.com/support/s/article/NTAP-20170831-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-6667
https://notcve.org/view.php?id=CVE-2016-6667
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. NetApp OnCommand Unified Manager para Clustered Data ONTAP 6.3 hasta la versión 6.4P1 contiene una cuenta privilegiada por defecto, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • https://kb.netapp.com/support/s/article/NTAP-20161017-0002 •