Snapcenter Plug In NetApp Snapcenter Plug In

Do you want an email whenever new security vulnerabilities are reported in NetApp Snapcenter Plug In?

By the Year

In 2022 there have been 0 vulnerabilities in NetApp Snapcenter Plug In . Last year Snapcenter Plug In had 3 security vulnerabilities published. Right now, Snapcenter Plug In is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 3 4.43
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Snapcenter Plug In vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent NetApp Snapcenter Plug In Security Vulnerabilities

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs

CVE-2021-34429 5.3 - Medium - July 15, 2021

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

AuthZ

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs

CVE-2021-28164 5.3 - Medium - April 01, 2021

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

AuthZ

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory

CVE-2021-28163 2.7 - Low - April 01, 2021

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.

insecure temporary file

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Siebel Core Automation or by NetApp? Click the Watch button to subscribe.

NetApp
Vendor

subscribe