Netapp: >> Oncommand System Manager >> 2.0.2 Security Vulnerabilities
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.
CVSS Score
7.2
EPSS Score
0.025
Published
2020-01-31
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-29
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-01-29
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-02-07