NetApp Element Plug Vcenter Server
By the Year
In 2024 there have been 0 vulnerabilities in NetApp Element Plug Vcenter Server . Element Plug Vcenter Server did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 5.10 |
| 2021 | 6 | 5.32 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.50 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Element Plug Vcenter Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NetApp Element Plug Vcenter Server Security Vulnerabilities
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug
CVE-2022-2048
7.5 - High
- July 07, 2022
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
In Eclipse Jetty versions 9.4.0 thru 9.4.46
CVE-2022-2047
2.7 - Low
- July 07, 2022
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
Improper Input Validation
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs
CVE-2021-34429
5.3 - Medium
- July 15, 2021
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown
CVE-2021-34428
3.5 - Low
- June 22, 2021
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
Insufficient Session Expiration
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory
CVE-2021-28163
2.7 - Low
- April 01, 2021
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
insecure temporary file
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs
CVE-2021-28164
5.3 - Medium
- April 01, 2021
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
Element Plug-in for vCenter Server incorporates SpringBoot Framework
CVE-2021-26987
9.8 - Critical
- March 15, 2021
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive)
CVE-2020-27223
5.3 - Medium
- February 26, 2021
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
Resource Exhaustion
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker
CVE-2019-5492
7.5 - High
- April 29, 2019
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NetApp Hyper Converged Infrastructure Compute Node or by NetApp? Click the Watch button to subscribe.
