Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Cloud Manager
Total 19 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45105 5 Apache, Debian, Netapp and 2 more 121 Log4j, Debian Linux, Cloud Manager and 118 more 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVE-2021-44228 11 Apache, Bentley, Cisco and 8 more 156 Log4j, Synchro, Synchro 4d and 153 more 2023-12-10 9.3 HIGH 10.0 CRITICAL
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVE-2021-42550 4 Netapp, Qos, Redhat and 1 more 6 Cloud Manager, Service Level Manager, Snap Creator Framework and 3 more 2023-12-10 8.5 HIGH 6.6 MEDIUM
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
CVE-2021-27002 1 Netapp 1 Cloud Manager 2023-12-10 5.0 MEDIUM 7.5 HIGH
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.
CVE-2021-31808 4 Debian, Fedoraproject, Netapp and 1 more 4 Debian Linux, Fedora, Cloud Manager and 1 more 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
CVE-2021-28163 5 Apache, Eclipse, Fedoraproject and 2 more 23 Ignite, Solr, Jetty and 20 more 2023-12-10 4.0 MEDIUM 2.7 LOW
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
CVE-2021-26999 1 Netapp 1 Cloud Manager 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
CVE-2021-28164 3 Eclipse, Netapp, Oracle 17 Jetty, Cloud Manager, E-series Performance Analyzer and 14 more 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CVE-2021-28165 4 Eclipse, Jenkins, Netapp and 1 more 21 Jetty, Jenkins, Cloud Manager and 18 more 2023-12-10 7.8 HIGH 7.5 HIGH
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
CVE-2021-31807 3 Fedoraproject, Netapp, Squid-cache 3 Fedora, Cloud Manager, Squid 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
CVE-2021-28651 4 Debian, Fedoraproject, Netapp and 1 more 4 Debian Linux, Fedora, Cloud Manager and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
CVE-2021-31806 4 Debian, Fedoraproject, Netapp and 1 more 4 Debian Linux, Fedora, Cloud Manager and 1 more 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
CVE-2021-26998 1 Netapp 1 Cloud Manager 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
CVE-2021-26990 1 Netapp 1 Cloud Manager 2023-12-10 9.4 HIGH 9.1 CRITICAL
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.
CVE-2021-26991 1 Netapp 1 Cloud Manager 2023-12-10 5.0 MEDIUM 7.5 HIGH
Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager.
CVE-2021-26992 1 Netapp 1 Cloud Manager 2023-12-10 5.0 MEDIUM 7.5 HIGH
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS).
CVE-2020-25097 4 Debian, Fedoraproject, Netapp and 1 more 4 Debian Linux, Fedora, Cloud Manager and 1 more 2023-12-10 5.0 MEDIUM 8.6 HIGH
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
CVE-2021-23337 4 Lodash, Netapp, Oracle and 1 more 23 Lodash, Active Iq Unified Manager, Cloud Manager and 20 more 2023-12-10 6.5 MEDIUM 7.2 HIGH
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-14058 3 Fedoraproject, Netapp, Squid-cache 3 Fedora, Cloud Manager, Squid 2023-12-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.