Netapp: >> Clustered Data Ontap >> 8.3 Security Vulnerabilities
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.
CVSS Score
4.7
EPSS Score
0.002
Published
2021-10-12
Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-06-04
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
CVSS Score
3.3
EPSS Score
0.001
Published
2021-02-08
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
CVSS Score
3.3
EPSS Score
0.001
Published
2021-02-08
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).
CVSS Score
3.5
EPSS Score
0.001
Published
2021-02-03
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
CVSS Score
3.5
EPSS Score
0.001
Published
2021-02-03
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-01-19
Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-09-02
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
CVSS Score
6.1
EPSS Score
0.842
Published
2019-09-26
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVSS Score
7.5
EPSS Score
0.087
Published
2019-05-15
Page 1