This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Netapp First view 2017-04-17
Product Service Level Manager Last view 2021-01-19
Version - Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:netapp:service_level_manager

Activity : Overall

Related : CVE

  Date Alert Description
8.1 2021-01-19 CVE-2021-20190

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 2021-01-07 CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

8.1 2021-01-07 CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.1 2021-01-07 CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.1 2021-01-07 CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

8.1 2021-01-06 CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

8.1 2021-01-06 CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

8.1 2021-01-06 CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

8.1 2021-01-06 CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

8.1 2021-01-06 CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

8.1 2021-01-06 CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

8.1 2021-01-06 CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

8.1 2020-12-27 CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

8.1 2020-12-17 CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

8.1 2020-12-17 CVE-2020-35490

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

7.5 2020-12-03 CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

9.8 2020-02-10 CVE-2020-8840

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

9.8 2020-01-03 CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

9.8 2019-10-06 CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

9.8 2019-10-01 CVE-2019-16943

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

9.8 2019-10-01 CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

9.8 2019-07-29 CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

9.1 2019-07-25 CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

7.8 2018-02-23 CVE-2017-15518

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.

9.8 2017-04-17 CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

CWE : Common Weakness Enumeration

%idName
91% (21) CWE-502 Deserialization of Untrusted Data
4% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
4% (1) CWE-200 Information Exposure

Snort® IPS/IDS

Date Description
2020-07-07 lodash defaultsDeep prototype pollution attempt
RuleID : 54184 - Type : SERVER-OTHER - Revision : 1

Nessus® Vulnerability Scanner

id Description
2018-08-08 Name: A web application running on the remote host is affected by multiple vulnerab...
File: mysql_enterprise_monitor_3_4_8.nasl - Type: ACT_GATHER_INFO
2018-03-21 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa_10838.nasl - Type: ACT_GATHER_INFO
2017-12-13 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2017-3399.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2809.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2808.nasl - Type: ACT_GATHER_INFO
2017-09-27 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2811.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1214.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1213.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2636.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2638.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2637.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2635.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2423.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170807_log4j_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2423.nasl - Type: ACT_GATHER_INFO
2017-08-10 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2423.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-b8358cda24.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-11edc0d6c3.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8348115acd.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-7e0ff7f73a.nasl - Type: ACT_GATHER_INFO
2017-05-05 Name: The remote Fedora host is missing a security update.
File: fedora_2017-2ccfbd650a.nasl - Type: ACT_GATHER_INFO
2017-05-03 Name: The remote Fedora host is missing a security update.
File: fedora_2017-511ebfa8a3.nasl - Type: ACT_GATHER_INFO