CPE – NetApp Active IQ Unified Manager 7.3 for Linux

CPE Details

NetApp Active IQ Unified Manager 7.3 for Linux

Vendor

netapp

Product

active_iq_unified_manager

Version

7.3

Created

2021-02-18
17h53 +00:00

Modifié

2021-02-18
17h53 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:netapp:active_iq_unified_manager:7.3:::::linux::

Informations

Vendor

netapp

Product

active_iq_unified_manager

Version

7.3

Target Software

linux

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2022-23240	2023-02-28 00h00 +00:00	Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.	6.5	Moyen
CVE-2022-23239	2023-02-27 23h00 +00:00	Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.	4.8	Moyen
CVE-2022-23235	2022-08-25 15h25 +00:00	Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.	5.3	Moyen
CVE-2020-8574	2020-08-03 14h56 +00:00	Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.	7.8	Haute
CVE-2020-14195	2020-06-16 13h07 +00:00	FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).	8.1	Haute
CVE-2020-14060	2020-06-14 18h46 +00:00	FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).	8.1	Haute
CVE-2020-14061	2020-06-14 17h42 +00:00	FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).	8.1	Haute
CVE-2020-14062	2020-06-14 17h42 +00:00	FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).	8.1	Haute
CVE-2020-11620	2020-04-07 20h14 +00:00	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).	8.1	Haute
CVE-2020-11619	2020-04-07 20h14 +00:00	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).	8.1	Haute
CVE-2020-9546	2020-03-02 02h59 +00:00	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).	9.8	Critique
CVE-2020-9547	2020-03-02 02h59 +00:00	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).	9.8	Critique
CVE-2020-9548	2020-03-02 02h58 +00:00	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).	9.8	Critique
CVE-2019-20330	2020-01-03 02h35 +00:00	FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.	9.8	Critique
CVE-2019-18218	2019-10-21 02h41 +00:00	cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).	7.8	Haute
CVE-2019-17359	2019-10-08 11h39 +00:00	The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.	7.5	Haute
CVE-2019-17267	2019-10-06 21h08 +00:00	A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.	9.8	Critique
CVE-2019-16943	2019-10-01 14h06 +00:00	A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.	9.8	Critique
CVE-2019-16942	2019-10-01 14h04 +00:00	A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.	9.8	Critique
CVE-2019-14379	2019-07-29 09h42 +00:00	SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.	9.8	Critique
CVE-2018-1000873	2018-12-20 16h00 +00:00	Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.	6.5	Moyen

NetApp Active IQ Unified Manager 7.3 for Linux

CPE Details

CPE Name: cpe:2.3:a:netapp:active_iq_unified_manager:7.3:*:*:*:*:linux:*:*

Informations

Vendor

Product

Version

Target Software

Related CVE

CPE Name: cpe:2.3:a:netapp:active_iq_unified_manager:7.3:::::linux::