Ontap NetApp Ontap

Do you want an email whenever new security vulnerabilities are reported in NetApp Ontap?

By the Year

In 2024 there have been 1 vulnerability in NetApp Ontap with an average score of 7.5 out of ten. Last year Ontap had 2 security vulnerabilities published. Right now, Ontap is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 2.25.

Year Vulnerabilities Average Score
2024 1 7.50
2023 2 5.25
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Ontap vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent NetApp Ontap Security Vulnerabilities

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response

CVE-2024-27316 7.5 - High - April 04, 2024

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

Allocation of Resources Without Limits or Throttling

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability

CVE-2023-27317 4.6 - Medium - December 15, 2023

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature

CVE-2023-27536 5.9 - Medium - March 30, 2023

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.

authentification

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Splunk Universal Forwarder or by NetApp? Click the Watch button to subscribe.

NetApp
Vendor

NetApp Ontap
Product

subscribe