Product: NetApp OnCommand System Manager
27 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | Description | CVSS | Severity |
| --- | --- | --- | --- | --- |
| CVE-2020-8587 | >= 9.0 and < 9.3 | OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow H | 5.5 | MEDIUM |
| CVE-2020-17527 | >= 3.0.0 and <= 3.1.3 | While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 | 7.5 | HIGH |
| CVE-2020-27218 | >= 3.0 and <= 3.1.3 | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP | 4.8 | MEDIUM |
| CVE-2020-13935 | >= 3.0.0 and <= 3.1.3 | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8 | 7.5 | HIGH |
| CVE-2020-13934 | >= 3.0.0 and <= 3.1.3 | An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/ | 7.5 | HIGH |
| CVE-2020-11996 | all versions | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5. | 7.5 | HIGH |
| CVE-2020-7656 | >= 3.0.0 and <= 3.1.3 | jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<scr | 6.1 | MEDIUM |
| CVE-2020-11022 | >= 3.0 and <= 3.1.3 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery | 6.9 | MEDIUM |
| CVE-2020-11023 | >= 3.0 and <= 3.1.3 | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sourc | 6.9 | MEDIUM |
| CVE-2019-17276 | all versions | OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerabili | 5.4 | MEDIUM |
| CVE-2020-1938 | >= 3.0.0 and <= 3.1.3 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats | 9.8 | CRITICAL |
| CVE-2020-1935 | >= 3.0.0 and <= 3.1.3 | In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-l | 4.8 | MEDIUM |
| CVE-2019-17569 | >= 3.0.0 and <= 3.1.3 | The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The resu | 4.8 | MEDIUM |
| CVE-2013-3322 | <= 2.1 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | 7.2 | HIGH |
| CVE-2013-3321 | <= 2.1 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted reque | 7.5 | HIGH |
| CVE-2013-3320 | < 2.2 | Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary | 6.1 | MEDIUM |
| CVE-2019-12418 | >= 3.0.0 and <= 3.1.3 | When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a l | 7.0 | HIGH |
| CVE-2019-17571 | >= 3.0 and <= 3.1.3 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to re | 9.8 | CRITICAL |
| CVE-2019-10247 | >= 3.0 and <= 3.1.3 | In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jett | 5.3 | MEDIUM |
| CVE-2019-10246 | >= 3.0 and <= 3.1.3 | In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualifie | 5.3 | MEDIUM |
| CVE-2019-11358 | >= 3.0 and <= 3.1.3 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec | 6.1 | MEDIUM |
| CVE-2017-7658 | >= 3.0 and <= 3.1.3 | In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations | 9.8 | CRITICAL |
| CVE-2017-7657 | all versions | In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 complian | 9.8 | CRITICAL |
| CVE-2018-12538 | >= 3.0.0 and <= 3.1.3 | In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage | 8.8 | HIGH |
| CVE-2016-5045 | all versions | NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster | 8.1 | HIGH |
| CVE-2016-3063 | <= 8.3.1 | Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote | 7.5 | HIGH |
| CVE-2016-5047 | all versions | NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecifie | 6.5 | MEDIUM |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin