Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Oncommand_system_manager
(Netapp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 27 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-24 | CVE-2019-17276 | OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. | Oncommand_system_manager | N/A | ||
| 2020-01-31 | CVE-2013-3322 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | Oncommand_system_manager | N/A | ||
| 2020-01-29 | CVE-2013-3321 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. | Oncommand_system_manager | N/A | ||
| 2020-01-29 | CVE-2013-3320 | Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. | Oncommand_system_manager | N/A | ||
| 2016-09-01 | CVE-2016-5047 | NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. | Oncommand_system_manager | 6.5 | ||
| 2017-07-03 | CVE-2016-5045 | NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | Oncommand_system_manager | 8.1 | ||
| 2017-02-07 | CVE-2016-3063 | Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | Oncommand_system_manager | 7.5 |