Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:netapp:storagegrid:11.2.0.5:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-21988 |
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation. Published: June 14, 2024; 6:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2024-21984 |
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts. Published: February 16, 2024; 6:15:08 PM -0500 |
V4.0:(not available) V3.1: 6.9 MEDIUM V2.0:(not available) |
CVE-2024-21983 |
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. Published: February 16, 2024; 6:15:07 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-38734 |
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to to a crash of the Local Distribution Router (LDR) service. Published: March 02, 2023; 1:15:09 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-23233 |
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. Published: March 04, 2022; 1:15:08 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2022-23232 |
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). Published: March 04, 2022; 1:15:08 PM -0500 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-8571 |
StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). Published: March 13, 2020; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |