Refine your search
6 vulnerabilities found for Active IQ Unified Manager pour VMware vSphere by NetApp
CERTFR-2026-AVI-0287
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | FAS/AFF Baseboard Management Controller (BMC) - A800/C800 | FAS/AFF Baseboard Management Controller (BMC) - A800/C800 versions antérieures à 10.10 | ||
| NetApp | SolidFire & HCI Storage Node (Element Software) | NetApp SolidFire & HCI Storage Node (Element Software) versions antérieures à 12.8 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H410C | NetApp HCI Baseboard Management Controller (BMC) - H410C | ||
| NetApp | N/A | Management Services for Element Software and NetApp HCI versions antérieures à 2.25.42 | ||
| NetApp | ONTAP Select Deploy administration utility | ONTAP Select Deploy administration utility versions antérieures à 9.14.1 | ||
| NetApp | E-Series SANtricity OS Controller Software 11.x | E-Series SANtricity OS Controller Software 11.x versions antérieures à 11.70.2 | ||
| NetApp | N/A | AFF/ASA/FAS Baseboard Management Controller (BMC) - A50/A30/A20/C60/C30/FAS50 versions antérieures à 19.1 | ||
| NetApp | FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750 | FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750 versions antérieures à 11.11 | ||
| NetApp | N/A | Astra Control Center versions antérieures à 23.10.0 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H610S | NetApp HCI Baseboard Management Controller (BMC) - H610S | ||
| NetApp | N/A | NetApp Cloud Backup (formerly AltaVault) | ||
| NetApp | N/A | Trident versions antérieures à 23.10.0 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H610C | NetApp HCI Baseboard Management Controller (BMC) - H410C | ||
| NetApp | N/A | Trident Autosupport versions antérieures à 23.10.0 | ||
| NetApp | Brocade Fabric Operating System Firmware | Brocade Fabric Operating System Firmware versions antérieures à 9.2.0 | ||
| NetApp | FAS/AFF Baseboard Management Controller (BMC) - A900/9500 | FAS/AFF Baseboard Management Controller (BMC) - A900/9500 versions antérieures à 16.6 | ||
| NetApp | N/A | FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400 versions antérieures à 13.10P1 | ||
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager for VMware vSphere versions antérieures à 9.16P2 | ||
| NetApp | N/A | AFF/ASA/FAS Baseboard Management Controller (BMC) - A1K/A90/A70/C80/FAS90/FAS70 versions antérieures à 18.2 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H610C | NetApp HCI Baseboard Management Controller (BMC) - H610C | ||
| NetApp | NetApp SolidFire & HCI Management Node | NetApp SolidFire & HCI Management Node versions antérieures à 2.25.42 | ||
| NetApp | NetApp SolidFire & HCI Management Node | NetApp SolidFire & HCI Management Node versions antérieures à 12.8 | ||
| NetApp | N/A | NetApp SolidFire Baseboard Management Controller (BMC) | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S | ||
| NetApp | FAS/AFF Baseboard Management Controller (BMC) - FAS2820 | FAS/AFF Baseboard Management Controller (BMC) - FAS2820 versions antérieures à 17.3 | ||
| NetApp | N/A | OnCommand Insight versions antérieures à 7.3.15 | ||
| NetApp | HCI Compute Node (Bootstrap OS) | NetApp HCI Compute Node (Bootstrap OS) |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FAS/AFF Baseboard Management Controller (BMC) - A800/C800 versions ant\u00e9rieures \u00e0 10.10",
"product": {
"name": "FAS/AFF Baseboard Management Controller (BMC) - A800/C800",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp SolidFire \u0026 HCI Storage Node (Element Software) versions ant\u00e9rieures \u00e0 12.8",
"product": {
"name": "SolidFire \u0026 HCI Storage Node (Element Software)",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H410C",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H410C",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Management Services for Element Software and NetApp HCI versions ant\u00e9rieures \u00e0 2.25.42",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "ONTAP Select Deploy administration utility versions ant\u00e9rieures \u00e0 9.14.1",
"product": {
"name": "ONTAP Select Deploy administration utility",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "E-Series SANtricity OS Controller Software 11.x versions ant\u00e9rieures \u00e0 11.70.2",
"product": {
"name": "E-Series SANtricity OS Controller Software 11.x",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "AFF/ASA/FAS Baseboard Management Controller (BMC) - A50/A30/A20/C60/C30/FAS50 versions ant\u00e9rieures \u00e0 19.1",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750 versions ant\u00e9rieures \u00e0 11.11",
"product": {
"name": "FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Astra Control Center versions ant\u00e9rieures \u00e0 23.10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H610S",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H610S",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp Cloud Backup (formerly AltaVault)",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Trident versions ant\u00e9rieures \u00e0 23.10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H410C",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H610C",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Trident Autosupport versions ant\u00e9rieures \u00e0 23.10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Brocade Fabric Operating System Firmware versions ant\u00e9rieures \u00e0 9.2.0",
"product": {
"name": "Brocade Fabric Operating System Firmware",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "FAS/AFF Baseboard Management Controller (BMC) - A900/9500 versions ant\u00e9rieures \u00e0 16.6",
"product": {
"name": "FAS/AFF Baseboard Management Controller (BMC) - A900/9500",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400 versions ant\u00e9rieures \u00e0 13.10P1",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager for VMware vSphere versions ant\u00e9rieures \u00e0 9.16P2",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "AFF/ASA/FAS Baseboard Management Controller (BMC) - A1K/A90/A70/C80/FAS90/FAS70 versions ant\u00e9rieures \u00e0 18.2",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H610C",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H610C",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp SolidFire \u0026 HCI Management Node versions ant\u00e9rieures \u00e0 2.25.42",
"product": {
"name": "NetApp SolidFire \u0026 HCI Management Node",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp SolidFire \u0026 HCI Management Node versions ant\u00e9rieures \u00e0 12.8",
"product": {
"name": "NetApp SolidFire \u0026 HCI Management Node",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp SolidFire Baseboard Management Controller (BMC)",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "FAS/AFF Baseboard Management Controller (BMC) - FAS2820 versions ant\u00e9rieures \u00e0 17.3",
"product": {
"name": "FAS/AFF Baseboard Management Controller (BMC) - FAS2820",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "OnCommand Insight versions ant\u00e9rieures \u00e0 7.3.15",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Compute Node (Bootstrap OS)",
"product": {
"name": "HCI Compute Node (Bootstrap OS)",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2022-28893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28893"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2024-26633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26633"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2024-26641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26641"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
}
],
"initial_release_date": "2026-03-13T00:00:00",
"last_revision_date": "2026-03-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0287",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits NetApp. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20210827-0005",
"url": "https://security.netapp.com/advisory/NTAP-20210827-0005"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220915-0006",
"url": "https://security.netapp.com/advisory/NTAP-20220915-0006"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20231016-0001",
"url": "https://security.netapp.com/advisory/NTAP-20231016-0001"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220131-0003",
"url": "https://security.netapp.com/advisory/NTAP-20220131-0003"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20210819-0004",
"url": "https://security.netapp.com/advisory/NTAP-20210819-0004"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20241220-0001",
"url": "https://security.netapp.com/advisory/NTAP-20241220-0001"
},
{
"published_at": "2026-03-12",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20231013-0003",
"url": "https://security.netapp.com/advisory/NTAP-20231013-0003"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220419-0002",
"url": "https://security.netapp.com/advisory/NTAP-20220419-0002"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220526-0002",
"url": "https://security.netapp.com/advisory/NTAP-20220526-0002"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20241108-0008",
"url": "https://security.netapp.com/advisory/NTAP-20241108-0008"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220707-0001",
"url": "https://security.netapp.com/advisory/NTAP-20220707-0001"
}
]
}
CERTFR-2024-AVI-0423
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données, une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager pour VMware vSphere versions antérieures à 9.14 | ||
| NetApp | Management Services pour Element Software et NetApp HCI | Management Services pour Element Software et NetApp HCI versions antérieures à 2.25.42 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Active IQ Unified Manager pour VMware vSphere versions ant\u00e9rieures \u00e0 9.14",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Management Services pour Element Software et NetApp HCI versions ant\u00e9rieures \u00e0 2.25.42",
"product": {
"name": "Management Services pour Element Software et NetApp HCI",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-4379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4379"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2018-14628",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14628"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-42670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42670"
},
{
"name": "CVE-2023-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4154"
},
{
"name": "CVE-2023-3961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3961"
},
{
"name": "CVE-2021-32292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32292"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
}
],
"initial_release_date": "2024-05-21T00:00:00",
"last_revision_date": "2024-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0423",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits NetApp. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": "2024-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20230929-0010",
"url": "https://security.netapp.com/advisory/ntap-20230929-0010/"
},
{
"published_at": "2024-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20230223-0008",
"url": "https://security.netapp.com/advisory/ntap-20230223-0008/"
},
{
"published_at": "2024-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20231124-0002",
"url": "https://security.netapp.com/advisory/ntap-20231124-0002/"
},
{
"published_at": "2024-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20230223-0004",
"url": "https://security.netapp.com/advisory/ntap-20230223-0004/"
},
{
"published_at": "2024-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20230622-0008",
"url": "https://security.netapp.com/advisory/ntap-20230622-0008/"
}
]
}
CERTFR-2024-AVI-0380
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility | ONTAP Select Deploy administration utility versions antérieures à 9.14.1 | ||
| NetApp | Active IQ Unified Manager pour Microsoft Windows | Active IQ Unified Manager pour Microsoft Windows versions antérieures à 9.12 | ||
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager pour VMware vSphere versions antérieures à 9.10 | ||
| NetApp | N/A | NetApp Cloud Backup toutes versions | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S et H410C toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ONTAP Select Deploy administration utility versions ant\u00e9rieures \u00e0 9.14.1",
"product": {
"name": "ONTAP Select Deploy administration utility",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Microsoft Windows versions ant\u00e9rieures \u00e0 9.12",
"product": {
"name": "Active IQ Unified Manager pour Microsoft Windows",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour VMware vSphere versions ant\u00e9rieures \u00e0 9.10",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp Cloud Backup toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S et H410C toutes versions",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3631"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2021-4090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4090"
},
{
"name": "CVE-2021-3667",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3667"
},
{
"name": "CVE-2021-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3580"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
}
],
"initial_release_date": "2024-05-10T00:00:00",
"last_revision_date": "2024-05-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0380",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits NetApp\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220331-0005 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220331-0005/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220331-0010 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220331-0010/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220318-0010 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220318-0010/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220419-0005 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220419-0005/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20211104-0006 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20211104-0006/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20211104-0005 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20211104-0005/"
}
]
}
CERTFR-2023-AVI-1060
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans NetApp Active IQ Unified Manager. Elle permet à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager pour VMware vSphere versions 9.12 et 9.13 sans le dernier correctif de sécurité | ||
| NetApp | Active IQ Unified Manager pour Linux | Active IQ Unified Manager pour Linux versions 9.12 et 9.13 sans le dernier correctif de sécurité | ||
| NetApp | Active IQ Unified Manager pour Microsoft Windows | Active IQ Unified Manager pour Microsoft Windows versions 9.12 et 9.13 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Active IQ Unified Manager pour VMware vSphere versions 9.12 et 9.13 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Linux versions 9.12 et 9.13 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Active IQ Unified Manager pour Linux",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Microsoft Windows versions 9.12 et 9.13 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Active IQ Unified Manager pour Microsoft Windows",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-3773",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3773"
}
],
"initial_release_date": "2023-12-28T00:00:00",
"last_revision_date": "2023-12-28T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1060",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans NetApp Active IQ Unified\nManager. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans NetApp Active IQ Unified Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20231227-0011 du 27 d\u00e9cembre 2023",
"url": "https://security.netapp.com/advisory/ntap-20231227-0011/"
}
]
}
CERTFR-2023-AVI-0908
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager pour VMware vSphere sans le dernier correctif de sécurité | ||
| NetApp | Active IQ Unified Manager pour Microsoft Windows | Active IQ Unified Manager pour Microsoft Windows sans le dernier correctif de sécurité | ||
| NetApp | Active IQ Unified Manager pour Linux | Active IQ Unified Manager pour Linux sans le dernier correctif de sécurité | ||
| NetApp | N/A | Brocade SAN Navigator versions antérieures à 2.3.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Active IQ Unified Manager pour VMware vSphere sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Microsoft Windows sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Active IQ Unified Manager pour Microsoft Windows",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Linux sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Active IQ Unified Manager pour Linux",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Brocade SAN Navigator versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
}
],
"initial_release_date": "2023-11-03T00:00:00",
"last_revision_date": "2023-11-03T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0908",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNetApp. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230929-0011 du 01 novembre 2023",
"url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230420-0009 du 01 novembre 2023",
"url": "https://security.netapp.com/advisory/ntap-20230420-0009/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230526-0002 du 01 novembre 2023",
"url": "https://security.netapp.com/advisory/ntap-20230526-0002/"
}
]
}
CERTFR-2023-AVI-0648
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | Active IQ Unified Manager pour Linux | Active IQ Unified Manager pour Linux sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H410C | NetApp HCI Baseboard Management Controller (BMC) - H410C sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | Active IQ Unified Manager pour Microsoft Windows | Active IQ Unified Manager pour Microsoft Windows sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager pour VMware vSphere sans les correctifs de sécurité du 08 août 2023 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Linux sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "Active IQ Unified Manager pour Linux",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H410C sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H410C",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Microsoft Windows sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "Active IQ Unified Manager pour Microsoft Windows",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour VMware vSphere sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0812"
},
{
"name": "CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
}
],
"initial_release_date": "2023-08-10T00:00:00",
"last_revision_date": "2023-08-10T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0648",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNetApp. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20220210-0024 du 08 ao\u00fbt 2023",
"url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20230427-0011 du 08 ao\u00fbt 2023",
"url": "https://security.netapp.com/advisory/ntap-20230427-0011/"
}
]
}