NetApp Service Level Manager

CPE Details

NetApp Service Level Manager
-
2021-01-27
14h27 +00:00
2021-01-27
14h27 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*

Informations

Vendor

netapp

Product

service_level_manager

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-42550 2021-12-15 23h00 +00:00 In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
6.6
Medium
CVE-2021-20190 2021-01-19 15h27 +00:00 A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1
High
CVE-2020-36179 2021-01-06 21h30 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
8.8
High
CVE-2020-36180 2021-01-06 21h30 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
8.8
High
CVE-2020-36182 2021-01-06 21h30 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
8.8
High
CVE-2020-36183 2021-01-06 21h30 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
8.1
High
CVE-2020-36184 2021-01-06 21h30 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
8.8
High
CVE-2020-36185 2021-01-06 21h29 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
8.1
High
CVE-2020-36186 2021-01-06 21h29 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
8.1
High
CVE-2020-36187 2021-01-06 21h29 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
8.1
High
CVE-2020-36188 2021-01-06 21h29 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
8.1
High
CVE-2020-36189 2021-01-06 21h29 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
8.1
High
CVE-2020-36181 2021-01-06 21h29 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
8.8
High
CVE-2020-35728 2020-12-27 03h32 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
8.1
High
CVE-2020-35490 2020-12-17 17h43 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
8.1
High
CVE-2020-35491 2020-12-17 17h43 +00:00 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
8.1
High
CVE-2020-25649 2020-12-03 15h16 +00:00 A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
7.5
High
CVE-2020-25689 2020-10-29 23h00 +00:00 A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
6.5
Medium
CVE-2020-25644 2020-10-05 22h00 +00:00 A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
7.5
High
CVE-2020-8840 2020-02-10 18h41 +00:00 FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
9.8
Critical
CVE-2019-20330 2020-01-03 02h35 +00:00 FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
9.8
Critical
CVE-2019-17359 2019-10-08 11h39 +00:00 The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
7.5
High
CVE-2019-17267 2019-10-06 21h08 +00:00 A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
9.8
Critical
CVE-2019-16943 2019-10-01 14h06 +00:00 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
9.8
Critical
CVE-2019-16942 2019-10-01 14h04 +00:00 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
9.8
Critical
CVE-2019-14379 2019-07-29 09h42 +00:00 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
9.8
Critical
CVE-2019-10744 2019-07-25 21h43 +00:00 Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
9.1
Critical
CVE-2017-15518 2018-02-23 23h00 +00:00 All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.
7.8
High
CVE-2017-5645 2017-04-17 19h00 +00:00 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
9.8
Critical