Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Element Plug-in For Vcenter Server
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2047 3 Debian, Eclipse, Netapp 7 Debian Linux, Jetty, Element Plug-in For Vcenter Server and 4 more 2024-02-04 4.0 MEDIUM 2.7 LOW
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
CVE-2022-2048 4 Debian, Eclipse, Jenkins and 1 more 8 Debian Linux, Jetty, Jenkins and 5 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
CVE-2021-28163 5 Apache, Eclipse, Fedoraproject and 2 more 23 Ignite, Solr, Jetty and 20 more 2024-02-04 4.0 MEDIUM 2.7 LOW
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
CVE-2021-28164 3 Eclipse, Netapp, Oracle 17 Jetty, Cloud Manager, E-series Performance Analyzer and 14 more 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CVE-2021-34428 4 Debian, Eclipse, Netapp and 1 more 16 Debian Linux, Jetty, Active Iq Unified Manager and 13 more 2024-02-04 3.6 LOW 3.5 LOW
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
CVE-2021-34429 3 Eclipse, Netapp, Oracle 18 Jetty, E-series Santricity Os Controller, E-series Santricity Web Services and 15 more 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
CVE-2021-26987 2 Netapp, Vmware 4 Element Plug-in For Vcenter Server, Management Services For Element Software And Netapp Hci, Solidfire \& Hci Management Node and 1 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.
CVE-2020-27223 5 Apache, Debian, Eclipse and 2 more 16 Nifi, Solr, Spark and 13 more 2024-02-04 4.3 MEDIUM 5.3 MEDIUM
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
CVE-2019-5492 1 Netapp 2 Element Plug-in For Vcenter Server, Hyper Converged Infrastructure Compute Node 2024-02-04 5.0 MEDIUM 7.5 HIGH
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.