Product:

Cloud_secure_agent

(Netapp)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 57
Date Id Summary Products Score Patch Annotated
2022-05-12 CVE-2022-22970 In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. Active_iq_unified_manager, Brocade_san_navigator, Cloud_secure_agent, Oncommand_insight, Financial_services_crime_and_compliance_management_studio, Spring_framework 5.3
2022-05-12 CVE-2022-22971 In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. Cloud_secure_agent, Oncommand_insight, Financial_services_crime_and_compliance_management_studio, Spring_framework 6.5
2022-07-19 CVE-2022-34169 The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. Xalan\-Java, Zulu, Debian_linux, Fedora, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, Hci_compute_node, Hci_management_node, Oncommand_insight, Solidfire, Graalvm, Jdk, Jre, Openjdk 7.5
2022-07-19 CVE-2022-21540 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability... Zulu, Debian_linux, Fedora, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, Hci_compute_node, Hci_management_node, Oncommand_insight, Solidfire, Graalvm, Jdk, Jre, Openjdk N/A
2022-07-19 CVE-2022-21541 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this... Zulu, Debian_linux, Fedora, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, Hci_compute_node, Hci_management_node, Oncommand_insight, Solidfire, Graalvm, Jdk, Jre, Openjdk N/A
2022-07-19 CVE-2022-21549 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update,... Zulu, Debian_linux, Fedora, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, Hci_compute_node, Hci_management_node, Oncommand_insight, Solidfire, Graalvm, Jdk, Jre N/A
2022-08-26 CVE-2021-3859 A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Jboss_enterprise_application_platform, Single_sign\-On, Undertow 7.5
2022-08-31 CVE-2022-1259 A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Build_of_quarkus, Integration_camel_k, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On, Undertow 7.5
2022-08-31 CVE-2022-1319 A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Openshift_application_runtimes, Single_sign\-On, Undertow 7.5
2022-09-01 CVE-2022-2764 A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Integration_camel_k, Jboss_enterprise_application_platform, Jboss_fuse, Single_sign\-On, Undertow 4.9