CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session, which can allow the cookie to be transmitted in plain text over an unencrypted channel. • http://www.securityfocus.com/bid/107274 https://security.netapp.com/advisory/ntap-20190304-0001 • CWE-311: Missing Encryption of Sensitive Data

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

NetApp SnapCenter Server prior to 4.0 is susceptible to a cross-site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. • http://www.securityfocus.com/bid/107272 https://security.netapp.com/advisory/ntap-20190304-0002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup-related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps, or upgrade to 4.0 following the product documentation. • https://security.netapp.com/advisory/ntap-20180306-0001 • CWE-287: Improper Authentication

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, which could be used to cause an unintended authenticated action in the user interface. • https://security.netapp.com/advisory/ntap-20171114-0001 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. • http://www.securityfocus.com/bid/77315 https://kb.netapp.com/support/s/article/ka51A00000007EnQAI/authentication-bypass-vulnerability-in-snapcenter-server-1-0?language=en_US • CWE-284: Improper Access Control