Netapp

Oncommand Insight

969 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-29768

  • EPSS 0.3%
  • Veröffentlicht 24.06.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:01:46

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.

9.8

CVE-2021-38945

  • EPSS 0.23%
  • Veröffentlicht 24.06.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:15

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.

6.1

CVE-2021-39047

  • EPSS 0.22%
  • Veröffentlicht 24.06.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:29

IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...

8.1

CVE-2022-27778

Exploit
  • EPSS 0.66%
  • Veröffentlicht 02.06.2022 14:15:43
  • Zuletzt bearbeitet 21.11.2024 06:56:10

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

5.9

CVE-2021-3597

  • EPSS 0.17%
  • Veröffentlicht 24.05.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:21:56

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2...

5.9

CVE-2021-3629

  • EPSS 0.36%
  • Veröffentlicht 24.05.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:01

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw af...

5.3

CVE-2022-22970

  • EPSS 0.16%
  • Veröffentlicht 12.05.2022 20:15:15
  • Zuletzt bearbeitet 21.11.2024 06:47:42

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model o...

6.5

CVE-2022-22971

  • EPSS 0.34%
  • Veröffentlicht 12.05.2022 20:15:15
  • Zuletzt bearbeitet 21.11.2024 06:47:43

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

10

CVE-2022-1292

  • EPSS 41.21%
  • Veröffentlicht 03.05.2022 16:15:18
  • Zuletzt bearbeitet 13.08.2025 14:15:28

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execut...

6.5

CVE-2021-20464

  • EPSS 0.33%
  • Veröffentlicht 22.04.2022 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:37

IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.