Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for OnCommand Unified Manager for 7-Mode (core package) by NetApp

    CVE-2018-5481 (GCVE-0-2018-5481)

    Vulnerability from cvelistv5 – Published: 2019-01-07 15:00 – Updated: 2024-08-05 05:40
    VLAI
    Summary
    OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.
    Severity
    No CVSS data available.
    CWE
    • Man-in-the-middle (MITM)
    Assigner
    References
    Impacted products
    Date Public
    2019-01-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:49.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnCommand Unified Manager for 7-Mode (core package)",
              "vendor": "NetApp",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 5.2.4"
                }
              ]
            }
          ],
          "datePublic": "2019-01-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Man-in-the-middle (MITM)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-07T14:57:01.000Z",
            "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
            "shortName": "netapp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@netapp.com",
              "ID": "CVE-2018-5481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OnCommand Unified Manager for 7-Mode (core package)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions prior to 5.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetApp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Man-in-the-middle (MITM)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.netapp.com/advisory/ntap-20190104-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
        "assignerShortName": "netapp",
        "cveId": "CVE-2018-5481",
        "datePublished": "2019-01-07T15:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:40:49.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7568 (GCVE-0-2017-7568)

    Vulnerability from cvelistv5 – Published: 2018-06-22 15:00 – Updated: 2024-09-17 01:45
    VLAI
    Summary
    NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.
    Severity
    No CVSS data available.
    CWE
    • Sensitive Information Disclosure
    Assigner
    References
    Impacted products
    Date Public
    2018-06-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:12.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
              },
              {
                "name": "104536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnCommand Unified Manager for 7-Mode (core package)",
              "vendor": "NetApp",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions below 5.2.3"
                }
              ]
            }
          ],
          "datePublic": "2018-06-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Sensitive Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-26T09:57:02.000Z",
            "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
            "shortName": "netapp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
            },
            {
              "name": "104536",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104536"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@netapp.com",
              "DATE_PUBLIC": "2018-06-21T00:00:00",
              "ID": "CVE-2017-7568",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OnCommand Unified Manager for 7-Mode (core package)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions below 5.2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetApp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Sensitive Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.netapp.com/advisory/ntap-20180621-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
                },
                {
                  "name": "104536",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104536"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
        "assignerShortName": "netapp",
        "cveId": "CVE-2017-7568",
        "datePublished": "2018-06-22T15:00:00.000Z",
        "dateReserved": "2017-04-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:45:51.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5481 (GCVE-0-2018-5481)

    Vulnerability from nvd – Published: 2019-01-07 15:00 – Updated: 2024-08-05 05:40
    VLAI
    Summary
    OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.
    Severity
    No CVSS data available.
    CWE
    • Man-in-the-middle (MITM)
    Assigner
    References
    Impacted products
    Date Public
    2019-01-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:49.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnCommand Unified Manager for 7-Mode (core package)",
              "vendor": "NetApp",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 5.2.4"
                }
              ]
            }
          ],
          "datePublic": "2019-01-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Man-in-the-middle (MITM)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-07T14:57:01.000Z",
            "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
            "shortName": "netapp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@netapp.com",
              "ID": "CVE-2018-5481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OnCommand Unified Manager for 7-Mode (core package)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions prior to 5.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetApp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Man-in-the-middle (MITM)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.netapp.com/advisory/ntap-20190104-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20190104-0001/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
        "assignerShortName": "netapp",
        "cveId": "CVE-2018-5481",
        "datePublished": "2019-01-07T15:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:40:49.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7568 (GCVE-0-2017-7568)

    Vulnerability from nvd – Published: 2018-06-22 15:00 – Updated: 2024-09-17 01:45
    VLAI
    Summary
    NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.
    Severity
    No CVSS data available.
    CWE
    • Sensitive Information Disclosure
    Assigner
    References
    Impacted products
    Date Public
    2018-06-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:12.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
              },
              {
                "name": "104536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnCommand Unified Manager for 7-Mode (core package)",
              "vendor": "NetApp",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions below 5.2.3"
                }
              ]
            }
          ],
          "datePublic": "2018-06-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Sensitive Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-26T09:57:02.000Z",
            "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
            "shortName": "netapp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
            },
            {
              "name": "104536",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104536"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@netapp.com",
              "DATE_PUBLIC": "2018-06-21T00:00:00",
              "ID": "CVE-2017-7568",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OnCommand Unified Manager for 7-Mode (core package)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions below 5.2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetApp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Sensitive Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.netapp.com/advisory/ntap-20180621-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20180621-0001/"
                },
                {
                  "name": "104536",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104536"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
        "assignerShortName": "netapp",
        "cveId": "CVE-2017-7568",
        "datePublished": "2018-06-22T15:00:00.000Z",
        "dateReserved": "2017-04-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:45:51.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }