Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Santricity_cloud_connector
(Netapp)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 27 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-06-22 | CVE-2021-34428 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. | Debian_linux, Jetty, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Element_plug\-In_for_vcenter_server, Santricity_cloud_connector, Snap_creator_framework, Snapmanager, Autovue_for_agile_product_lifecycle_management, Communications_element_manager, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Rest_data_services, Siebel_core_\-_automation | 3.5 | ||
2018-04-19 | CVE-2018-2825 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can... | Ubuntu_linux, Cloud_backup, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Santricity_cloud_connector, Snapmanager, Storage_replication_adapter, Storagegrid, Vasa_provider, Virtual_storage_console, Jdk, Jre | 8.3 | ||
2018-04-19 | CVE-2018-2826 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can... | Ubuntu_linux, Cloud_backup, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Santricity_cloud_connector, Snapmanager, Storage_replication_adapter, Storagegrid, Vasa_provider, Virtual_storage_console, Jdk, Jre | 8.3 | ||
2018-01-18 | CVE-2018-2581 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this... | Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_cloud_connector, Snapmanager, Storage_replication_adapter_for_clustered_data_ontap, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Satellite | 4.7 | ||
2018-01-18 | CVE-2018-2627 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks... | Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_cloud_connector, Snapmanager, Storage_replication_adapter_for_clustered_data_ontap, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Satellite | 7.5 | ||
2018-01-18 | CVE-2018-2638 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this... | Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_cloud_connector, Snapmanager, Storage_replication_adapter_for_clustered_data_ontap, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 8.3 | ||
2018-03-26 | CVE-2017-15710 | In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters... | Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid, Enterprise_linux | 7.5 | ||
2018-03-26 | CVE-2017-15715 | In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. | Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid, Enterprise_linux | 8.1 | ||
2018-03-26 | CVE-2018-1283 | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. | Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid, Enterprise_linux | 5.3 | ||
2018-03-26 | CVE-2018-1301 | A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. | Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid, Enterprise_linux | 5.9 |