Netapp: >> Snapcenter >> 3.0 Security Vulnerabilities
SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability
which could allow an authenticated attacker to discover plaintext
credentials.
CVSS Score
5.7
EPSS Score
0.001
Published
2024-07-09
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a
vulnerability which may allow an authenticated unprivileged user to gain
access as an admin user.
CVSS Score
8.3
EPSS Score
0.002
Published
2023-10-12
SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-09-29
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-16
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
CVSS Score
7.5
EPSS Score
0.131
Published
2021-04-01
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CVSS Score
9.8
EPSS Score
0.048
Published
2018-06-26