U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:netapp:clustered_data_ontap:8.1.4:p10:*:*:*:*:*:*
  • CPE Name Search: true
There are 12 matching records.
Displaying matches 1 through 12.
Vuln ID Summary CVSS Severity
CVE-2020-8590

Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.

Published: February 08, 2021; 5:15:12 PM -0500
V4.0:(not available)
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2020-8578

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.

Published: February 08, 2021; 5:15:12 PM -0500
V4.0:(not available)
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2020-8589

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.

Published: February 03, 2021; 1:15:16 PM -0500
V4.0:(not available)
V3.1: 3.5 LOW
V2.0: 2.7 LOW
CVE-2020-8588

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).

Published: February 03, 2021; 1:15:16 PM -0500
V4.0:(not available)
V3.1: 3.5 LOW
V2.0: 2.7 LOW
CVE-2020-8581

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.

Published: January 19, 2021; 1:15:12 PM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 3.5 LOW
CVE-2020-8576

Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.

Published: September 02, 2020; 4:15:11 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

Published: February 06, 2019; 3:29:00 PM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-5497

Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.

Published: January 24, 2019; 3:29:00 PM -0500
V4.0:(not available)
V3.0: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2018-5490

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.

Published: August 03, 2018; 3:29:00 PM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-5988

NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.

Published: April 10, 2017; 11:59:00 AM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-4341

NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.

Published: February 07, 2017; 12:59:00 PM -0500
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-3064

NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.

Published: August 31, 2016; 9:59:05 PM -0400
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM