Search
Find a vulnerability
Search criteria
4 vulnerabilities found for OnCommand Unified Manager for 7-Mode (core package) by NetApp
CVE-2018-5481 (GCVE-0-2018-5481)
Vulnerability from cvelistv5 – Published: 2019-01-07 15:00 – Updated: 2024-08-05 05:40
VLAI
EPSS
VEX
Summary
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.
Severity
No CVSS data available.
CWE
- Man-in-the-middle (MITM)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.netapp.com/advisory/ntap-2019010… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetApp | OnCommand Unified Manager for 7-Mode (core package) |
Affected:
Versions prior to 5.2.4
|
Date Public
2019-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:49.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OnCommand Unified Manager for 7-Mode (core package)",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions prior to 5.2.4"
}
]
}
],
"datePublic": "2019-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Man-in-the-middle (MITM)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-07T14:57:01.000Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"ID": "CVE-2018-5481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OnCommand Unified Manager for 7-Mode (core package)",
"version": {
"version_data": [
{
"version_value": "Versions prior to 5.2.4"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Man-in-the-middle (MITM)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20190104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2018-5481",
"datePublished": "2019-01-07T15:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:40:49.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7568 (GCVE-0-2017-7568)
Vulnerability from cvelistv5 – Published: 2018-06-22 15:00 – Updated: 2024-09-17 01:45
VLAI
EPSS
VEX
Summary
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.
Severity
No CVSS data available.
CWE
- Sensitive Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.netapp.com/advisory/ntap-2018062… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/104536 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetApp | OnCommand Unified Manager for 7-Mode (core package) |
Affected:
Versions below 5.2.3
|
Date Public
2018-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:12.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
},
{
"name": "104536",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OnCommand Unified Manager for 7-Mode (core package)",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions below 5.2.3"
}
]
}
],
"datePublic": "2018-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitive Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T09:57:02.000Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
},
{
"name": "104536",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"DATE_PUBLIC": "2018-06-21T00:00:00",
"ID": "CVE-2017-7568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OnCommand Unified Manager for 7-Mode (core package)",
"version": {
"version_data": [
{
"version_value": "Versions below 5.2.3"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20180621-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
},
{
"name": "104536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2017-7568",
"datePublished": "2018-06-22T15:00:00.000Z",
"dateReserved": "2017-04-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:45:51.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5481 (GCVE-0-2018-5481)
Vulnerability from nvd – Published: 2019-01-07 15:00 – Updated: 2024-08-05 05:40
VLAI
EPSS
VEX
Summary
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.
Severity
No CVSS data available.
CWE
- Man-in-the-middle (MITM)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.netapp.com/advisory/ntap-2019010… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetApp | OnCommand Unified Manager for 7-Mode (core package) |
Affected:
Versions prior to 5.2.4
|
Date Public
2019-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:49.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OnCommand Unified Manager for 7-Mode (core package)",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions prior to 5.2.4"
}
]
}
],
"datePublic": "2019-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Man-in-the-middle (MITM)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-07T14:57:01.000Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"ID": "CVE-2018-5481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OnCommand Unified Manager for 7-Mode (core package)",
"version": {
"version_data": [
{
"version_value": "Versions prior to 5.2.4"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Man-in-the-middle (MITM)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20190104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2018-5481",
"datePublished": "2019-01-07T15:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:40:49.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7568 (GCVE-0-2017-7568)
Vulnerability from nvd – Published: 2018-06-22 15:00 – Updated: 2024-09-17 01:45
VLAI
EPSS
VEX
Summary
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.
Severity
No CVSS data available.
CWE
- Sensitive Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.netapp.com/advisory/ntap-2018062… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/104536 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetApp | OnCommand Unified Manager for 7-Mode (core package) |
Affected:
Versions below 5.2.3
|
Date Public
2018-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:12.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
},
{
"name": "104536",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OnCommand Unified Manager for 7-Mode (core package)",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions below 5.2.3"
}
]
}
],
"datePublic": "2018-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitive Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T09:57:02.000Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
},
{
"name": "104536",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"DATE_PUBLIC": "2018-06-21T00:00:00",
"ID": "CVE-2017-7568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OnCommand Unified Manager for 7-Mode (core package)",
"version": {
"version_data": [
{
"version_value": "Versions below 5.2.3"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20180621-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
},
{
"name": "104536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2017-7568",
"datePublished": "2018-06-22T15:00:00.000Z",
"dateReserved": "2017-04-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:45:51.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}