NetApp Ontap Select Deploy Administration Utility
By the Year
In 2020 there have been 0 vulnerabilities in NetApp Ontap Select Deploy Administration Utility . Last year Ontap Select Deploy Administration Utility had 17 security vulnerabilities published. Right now, Ontap Select Deploy Administration Utility is on track to have less security vulerabilities in 2020 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2020 | 0 | 0.00 |
| 2019 | 17 | 8.65 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Ontap Select Deploy Administration Utility vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest NetApp Ontap Select Deploy Administration Utility Security Vulnerabilities
All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could
CVE-2019-17272
7.2 - High
- November 21, 2019
All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges.
CVE-2019-17272 is exploitable with network access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Input Validation
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could
CVE-2019-5509
9.8 - Critical
- November 21, 2019
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.
CVE-2019-5509 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Downstream Injection
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.
CVE-2019-5505
9.8 - Critical
- September 24, 2019
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.
CVE-2019-5505 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Insufficiently Protected Credentials
ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network
CVE-2019-5504
9.8 - Critical
- September 24, 2019
ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions.
CVE-2019-5504 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Improper Input Validation
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application
CVE-2019-16168
6.5 - Medium
- September 09, 2019
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVE-2019-16168 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Divide By Zero
An integer overflow flaw
CVE-2019-3856
8.8 - High
- March 25, 2019
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3856 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Integer Overflow or Wraparound
An integer overflow flaw
CVE-2019-3857
8.8 - High
- March 25, 2019
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3857 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Integer Overflow or Wraparound
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed
CVE-2019-3860
9.1 - Critical
- March 25, 2019
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3860 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a high impact on availability.
Out-of-bounds Read
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed
CVE-2019-3861
9.1 - Critical
- March 25, 2019
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3861 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a high impact on availability.
Out-of-bounds Read
A flaw was found in libssh2 before 1.8.1
CVE-2019-3863
8.8 - High
- March 25, 2019
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.
CVE-2019-3863 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Write
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read
CVE-2019-3855
8.8 - High
- March 21, 2019
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3855 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Integer Overflow or Wraparound
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server
CVE-2019-3858
9.1 - Critical
- March 21, 2019
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3858 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a high impact on availability.
Out-of-bounds Read
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions
CVE-2019-3859
9.1 - Critical
- March 21, 2019
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3859 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a high impact on availability.
Out-of-bounds Read
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed
CVE-2019-3862
9.1 - Critical
- March 21, 2019
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3862 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a high impact on availability.
Out-of-bounds Read
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL
CVE-2019-1559
5.9 - Medium
- February 27, 2019
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
CVE-2019-1559 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
In the GNU C Library (aka glibc or libc6) through 2.29
CVE-2018-20796
7.5 - High
- February 26, 2019
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
CVE-2018-20796 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Stack Exhaustion
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read
CVE-2019-9169
9.8 - Critical
- February 26, 2019
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVE-2019-9169 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Out-of-bounds Read