Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ontap_mediator by netapp

    CVE-2023-27319 (GCVE-0-2023-27319)

    Vulnerability from nvd – Published: 2023-12-21 21:15 – Updated: 2024-08-02 12:09
    VLAI
    Title
    CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator
    Summary
    ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NetApp ONTAP Mediator Affected: 0 , < 1.7 (1.7)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:09:43.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231221-0011/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ONTAP Mediator",
              "vendor": "NetApp",
              "versions": [
                {
                  "lessThan": "1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "1.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ONTAP Mediator versions prior to 1.7 are susceptible to a \nvulnerability that can allow an unauthenticated attacker to enumerate \nURLs via REST API.\n\n"
                }
              ],
              "value": "ONTAP Mediator versions prior to 1.7 are susceptible to a \nvulnerability that can allow an unauthenticated attacker to enumerate \nURLs via REST API.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-21T21:15:51.018Z",
            "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
            "shortName": "netapp"
          },
          "references": [
            {
              "url": "https://security.netapp.com/advisory/ntap-20231221-0011/"
            }
          ],
          "source": {
            "advisory": "NTAP-20231221-0011",
            "discovery": "UNKNOWN"
          },
          "title": " CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
        "assignerShortName": "netapp",
        "cveId": "CVE-2023-27319",
        "datePublished": "2023-12-21T21:15:51.018Z",
        "dateReserved": "2023-02-28T17:20:57.462Z",
        "dateUpdated": "2024-08-02T12:09:43.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37920 (GCVE-0-2023-37920)

    Vulnerability from nvd – Published: 2023-07-25 20:45 – Updated: 2025-03-05 18:47
    VLAI
    Title
    Certifi's removal of e-Tugra root certificate
    Summary
    Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    Impacted products
    Vendor Product Version
    certifi python-certifi Affected: >= 2015.04.28, < 2023.07.22
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-12T16:02:55.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7"
              },
              {
                "name": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"
              },
              {
                "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20240912-0002/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:38:32.972572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:47:15.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "python-certifi",
              "vendor": "certifi",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2015.04.28, \u003c 2023.07.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra\u0027s root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-12T05:07:57.236Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7"
            },
            {
              "name": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"
            },
            {
              "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/"
            }
          ],
          "source": {
            "advisory": "GHSA-xqr8-7jwr-rhp7",
            "discovery": "UNKNOWN"
          },
          "title": "Certifi\u0027s removal of e-Tugra root certificate"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-37920",
        "datePublished": "2023-07-25T20:45:35.286Z",
        "dateReserved": "2023-07-10T17:51:29.612Z",
        "dateUpdated": "2025-03-05T18:47:15.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27319 (GCVE-0-2023-27319)

    Vulnerability from cvelistv5 – Published: 2023-12-21 21:15 – Updated: 2024-08-02 12:09
    VLAI
    Title
    CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator
    Summary
    ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NetApp ONTAP Mediator Affected: 0 , < 1.7 (1.7)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:09:43.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231221-0011/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ONTAP Mediator",
              "vendor": "NetApp",
              "versions": [
                {
                  "lessThan": "1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "1.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ONTAP Mediator versions prior to 1.7 are susceptible to a \nvulnerability that can allow an unauthenticated attacker to enumerate \nURLs via REST API.\n\n"
                }
              ],
              "value": "ONTAP Mediator versions prior to 1.7 are susceptible to a \nvulnerability that can allow an unauthenticated attacker to enumerate \nURLs via REST API.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-21T21:15:51.018Z",
            "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
            "shortName": "netapp"
          },
          "references": [
            {
              "url": "https://security.netapp.com/advisory/ntap-20231221-0011/"
            }
          ],
          "source": {
            "advisory": "NTAP-20231221-0011",
            "discovery": "UNKNOWN"
          },
          "title": " CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
        "assignerShortName": "netapp",
        "cveId": "CVE-2023-27319",
        "datePublished": "2023-12-21T21:15:51.018Z",
        "dateReserved": "2023-02-28T17:20:57.462Z",
        "dateUpdated": "2024-08-02T12:09:43.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37920 (GCVE-0-2023-37920)

    Vulnerability from cvelistv5 – Published: 2023-07-25 20:45 – Updated: 2025-03-05 18:47
    VLAI
    Title
    Certifi's removal of e-Tugra root certificate
    Summary
    Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    Impacted products
    Vendor Product Version
    certifi python-certifi Affected: >= 2015.04.28, < 2023.07.22
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-12T16:02:55.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7"
              },
              {
                "name": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"
              },
              {
                "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20240912-0002/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:38:32.972572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:47:15.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "python-certifi",
              "vendor": "certifi",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2015.04.28, \u003c 2023.07.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra\u0027s root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-12T05:07:57.236Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7"
            },
            {
              "name": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"
            },
            {
              "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/"
            }
          ],
          "source": {
            "advisory": "GHSA-xqr8-7jwr-rhp7",
            "discovery": "UNKNOWN"
          },
          "title": "Certifi\u0027s removal of e-Tugra root certificate"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-37920",
        "datePublished": "2023-07-25T20:45:35.286Z",
        "dateReserved": "2023-07-10T17:51:29.612Z",
        "dateUpdated": "2025-03-05T18:47:15.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }