NetApp Management Services Element Software


By the Year

In 2021 there have been 2 vulnerabilities in NetApp Management Services Element Software with an average score of 6.4 out of ten. Management Services Element Software did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2021 as compared to last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2021 | 2 | 6.40 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Management Services Element Software vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent NetApp Management Services Element Software Security Vulnerabilities

Redis is an open source, in-memory database that persists on disk

CVE-2021-32675 7.5 - High - October 04, 2021

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and the size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate a significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: using network access control tools like firewalls, iptables, security groups, etc., or enabling TLS and requiring users to authenticate using client-side certificates.

Allocation of Resources Without Limits or Throttling

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive)

CVE-2020-27223 5.3 - Medium - February 26, 2021

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage while processing those quality values, with minutes of CPU time consumed.

Resource Exhaustion
