Oncommand_system_manager - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Oncommand_system_manager
(Netapp)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	27

Date	Id	Summary	Products	Score	Patch	Annotated
2020-04-29	CVE-2020-11022	In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.	Debian_linux, Drupal, Fedora, Jquery, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Max_data, Oncommand_insight, Oncommand_system_manager, Snap_creator_framework, Snapcenter, Leap, Agile_product_lifecycle_management_for_process, Agile_product_supplier_collaboration_for_process, Application_testing_suite, Banking_digital_experience, Blockchain_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_diameter_signaling_router_idih\:, Communications_eagle_application_processor, Communications_services_gatekeeper, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_analytical_applications_reconciliation_framework, Financial_services_asset_liability_management, Financial_services_balance_sheet_planning, Financial_services_basel_regulatory_capital_basic, Financial_services_basel_regulatory_capital_internal_ratings_based_approach, Financial_services_data_foundation, Financial_services_data_governance_for_us_regulatory_reporting, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_institutional_performance_analytics, Financial_services_liquidity_risk_management, Financial_services_liquidity_risk_measurement_and_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_profitability_management, Financial_services_regulatory_reporting_for_european_banking_authority, Financial_services_regulatory_reporting_for_us_federal_reserve, Healthcare_foundation, Hospitality_materials_control, Hospitality_simphony, Insurance_accounting_analyzer, Insurance_allocation_manager_for_enterprise_profitability, Insurance_data_foundation, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Retail_back_office, Retail_customer_management_and_segmentation_foundation, Retail_returns_management, Siebel_ui_framework, Storagetek_acsls, Weblogic_server, Log_correlation_engine	6.1
2020-06-26	CVE-2020-11996	A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.	Tomcat, Ubuntu_linux, Debian_linux, Oncommand_system_manager, Leap, Mysql_enterprise_monitor, Siebel_ui_framework, Workload_manager	7.5
2020-03-24	CVE-2019-17276	OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.	Oncommand_system_manager	N/A
2020-01-31	CVE-2013-3322	NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.	Oncommand_system_manager	N/A
2020-01-29	CVE-2013-3321	NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.	Oncommand_system_manager	N/A
2020-01-29	CVE-2013-3320	Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.	Oncommand_system_manager	N/A
2016-09-01	CVE-2016-5047	NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.	Oncommand_system_manager	6.5
2017-07-03	CVE-2016-5045	NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.	Oncommand_system_manager	8.1
2017-02-07	CVE-2016-3063	Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.	Oncommand_system_manager	7.5