NetApp Ontap
By the Year
In 2024 there have been 1 vulnerability in NetApp Ontap with an average score of 7.5 out of ten. Last year Ontap had 2 security vulnerabilities published. Right now, Ontap is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 2.25.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 7.50 |
2023 | 2 | 5.25 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Ontap vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NetApp Ontap Security Vulnerabilities
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response
CVE-2024-27316
7.5 - High
- April 04, 2024
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
Allocation of Resources Without Limits or Throttling
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a
vulnerability
CVE-2023-27317
4.6 - Medium
- December 15, 2023
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature
CVE-2023-27536
5.9 - Medium
- March 30, 2023
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
authentification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Splunk Universal Forwarder or by NetApp? Click the Watch button to subscribe.