CVE-2019-5509
https://notcve.org/view.php?id=CVE-2019-5509
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. Una utilidad de administración ONTAP Select Deploy, versiones 2.11.2 hasta 2.12.2, es susceptible a una vulnerabilidad de inyección de código que, cuando es explotada con éxito, podría permitir a un atacante remoto no autenticado habilitar y usar una cuenta de usuario privilegiado. • https://security.netapp.com/advisory/ntap-20191121-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2019-5505
https://notcve.org/view.php?id=CVE-2019-5505
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. La utilidad de administración ONTAP Select Deploy versiones 2.2 hasta 2.12.1, transmite credenciales en texto plano. • https://security.netapp.com/advisory/ntap-20190923-0002 • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials •
CVE-2019-5504
https://notcve.org/view.php?id=CVE-2019-5504
ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. La utilidad de administración de ONTAP Select Deploy, versiones 2.12 y 2.12.1, ensamblado con un servicio HTTP vinculado a la red permite a los atacantes remotos no autenticados realizar acciones administrativas. • https://security.netapp.com/advisory/ntap-20190923-0001 • CWE-306: Missing Authentication for Critical Function •
CVE-2017-5995
https://notcve.org/view.php?id=CVE-2017-5995
The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors. La utilidad de administración NetApp ONTAP Select Deploy 2.0 hasta la versión 2.2.1 podrían permitir a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www.securityfocus.com/bid/96522 https://kb.netapp.com/support/s/article/NTAP-20170228-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •