Netapp: >> Snapcenter Server >> 2.0 Security Vulnerabilities
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-03-04
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-03-04
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation.
CVSS Score
7.2
EPSS Score
0.004
Published
2018-03-06
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-11-16