Refine your search
8 vulnerabilities found for ONTAP Select Deploy administration utility by NetApp
CERTFR-2026-AVI-0287
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | FAS/AFF Baseboard Management Controller (BMC) - A800/C800 | FAS/AFF Baseboard Management Controller (BMC) - A800/C800 versions antérieures à 10.10 | ||
| NetApp | SolidFire & HCI Storage Node (Element Software) | NetApp SolidFire & HCI Storage Node (Element Software) versions antérieures à 12.8 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H410C | NetApp HCI Baseboard Management Controller (BMC) - H410C | ||
| NetApp | N/A | Management Services for Element Software and NetApp HCI versions antérieures à 2.25.42 | ||
| NetApp | ONTAP Select Deploy administration utility | ONTAP Select Deploy administration utility versions antérieures à 9.14.1 | ||
| NetApp | E-Series SANtricity OS Controller Software 11.x | E-Series SANtricity OS Controller Software 11.x versions antérieures à 11.70.2 | ||
| NetApp | N/A | AFF/ASA/FAS Baseboard Management Controller (BMC) - A50/A30/A20/C60/C30/FAS50 versions antérieures à 19.1 | ||
| NetApp | FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750 | FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750 versions antérieures à 11.11 | ||
| NetApp | N/A | Astra Control Center versions antérieures à 23.10.0 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H610S | NetApp HCI Baseboard Management Controller (BMC) - H610S | ||
| NetApp | N/A | NetApp Cloud Backup (formerly AltaVault) | ||
| NetApp | N/A | Trident versions antérieures à 23.10.0 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H610C | NetApp HCI Baseboard Management Controller (BMC) - H410C | ||
| NetApp | N/A | Trident Autosupport versions antérieures à 23.10.0 | ||
| NetApp | Brocade Fabric Operating System Firmware | Brocade Fabric Operating System Firmware versions antérieures à 9.2.0 | ||
| NetApp | FAS/AFF Baseboard Management Controller (BMC) - A900/9500 | FAS/AFF Baseboard Management Controller (BMC) - A900/9500 versions antérieures à 16.6 | ||
| NetApp | N/A | FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400 versions antérieures à 13.10P1 | ||
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager for VMware vSphere versions antérieures à 9.16P2 | ||
| NetApp | N/A | AFF/ASA/FAS Baseboard Management Controller (BMC) - A1K/A90/A70/C80/FAS90/FAS70 versions antérieures à 18.2 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H610C | NetApp HCI Baseboard Management Controller (BMC) - H610C | ||
| NetApp | NetApp SolidFire & HCI Management Node | NetApp SolidFire & HCI Management Node versions antérieures à 2.25.42 | ||
| NetApp | NetApp SolidFire & HCI Management Node | NetApp SolidFire & HCI Management Node versions antérieures à 12.8 | ||
| NetApp | N/A | NetApp SolidFire Baseboard Management Controller (BMC) | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S | ||
| NetApp | FAS/AFF Baseboard Management Controller (BMC) - FAS2820 | FAS/AFF Baseboard Management Controller (BMC) - FAS2820 versions antérieures à 17.3 | ||
| NetApp | N/A | OnCommand Insight versions antérieures à 7.3.15 | ||
| NetApp | HCI Compute Node (Bootstrap OS) | NetApp HCI Compute Node (Bootstrap OS) |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FAS/AFF Baseboard Management Controller (BMC) - A800/C800 versions ant\u00e9rieures \u00e0 10.10",
"product": {
"name": "FAS/AFF Baseboard Management Controller (BMC) - A800/C800",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp SolidFire \u0026 HCI Storage Node (Element Software) versions ant\u00e9rieures \u00e0 12.8",
"product": {
"name": "SolidFire \u0026 HCI Storage Node (Element Software)",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H410C",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H410C",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Management Services for Element Software and NetApp HCI versions ant\u00e9rieures \u00e0 2.25.42",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "ONTAP Select Deploy administration utility versions ant\u00e9rieures \u00e0 9.14.1",
"product": {
"name": "ONTAP Select Deploy administration utility",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "E-Series SANtricity OS Controller Software 11.x versions ant\u00e9rieures \u00e0 11.70.2",
"product": {
"name": "E-Series SANtricity OS Controller Software 11.x",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "AFF/ASA/FAS Baseboard Management Controller (BMC) - A50/A30/A20/C60/C30/FAS50 versions ant\u00e9rieures \u00e0 19.1",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750 versions ant\u00e9rieures \u00e0 11.11",
"product": {
"name": "FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Astra Control Center versions ant\u00e9rieures \u00e0 23.10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H610S",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H610S",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp Cloud Backup (formerly AltaVault)",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Trident versions ant\u00e9rieures \u00e0 23.10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H410C",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H610C",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Trident Autosupport versions ant\u00e9rieures \u00e0 23.10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Brocade Fabric Operating System Firmware versions ant\u00e9rieures \u00e0 9.2.0",
"product": {
"name": "Brocade Fabric Operating System Firmware",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "FAS/AFF Baseboard Management Controller (BMC) - A900/9500 versions ant\u00e9rieures \u00e0 16.6",
"product": {
"name": "FAS/AFF Baseboard Management Controller (BMC) - A900/9500",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400 versions ant\u00e9rieures \u00e0 13.10P1",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager for VMware vSphere versions ant\u00e9rieures \u00e0 9.16P2",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "AFF/ASA/FAS Baseboard Management Controller (BMC) - A1K/A90/A70/C80/FAS90/FAS70 versions ant\u00e9rieures \u00e0 18.2",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H610C",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H610C",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp SolidFire \u0026 HCI Management Node versions ant\u00e9rieures \u00e0 2.25.42",
"product": {
"name": "NetApp SolidFire \u0026 HCI Management Node",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp SolidFire \u0026 HCI Management Node versions ant\u00e9rieures \u00e0 12.8",
"product": {
"name": "NetApp SolidFire \u0026 HCI Management Node",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp SolidFire Baseboard Management Controller (BMC)",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "FAS/AFF Baseboard Management Controller (BMC) - FAS2820 versions ant\u00e9rieures \u00e0 17.3",
"product": {
"name": "FAS/AFF Baseboard Management Controller (BMC) - FAS2820",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "OnCommand Insight versions ant\u00e9rieures \u00e0 7.3.15",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Compute Node (Bootstrap OS)",
"product": {
"name": "HCI Compute Node (Bootstrap OS)",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2022-28893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28893"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2024-26633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26633"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2024-26641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26641"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
}
],
"initial_release_date": "2026-03-13T00:00:00",
"last_revision_date": "2026-03-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0287",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits NetApp. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20210827-0005",
"url": "https://security.netapp.com/advisory/NTAP-20210827-0005"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220915-0006",
"url": "https://security.netapp.com/advisory/NTAP-20220915-0006"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20231016-0001",
"url": "https://security.netapp.com/advisory/NTAP-20231016-0001"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220131-0003",
"url": "https://security.netapp.com/advisory/NTAP-20220131-0003"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20210819-0004",
"url": "https://security.netapp.com/advisory/NTAP-20210819-0004"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20241220-0001",
"url": "https://security.netapp.com/advisory/NTAP-20241220-0001"
},
{
"published_at": "2026-03-12",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20231013-0003",
"url": "https://security.netapp.com/advisory/NTAP-20231013-0003"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220419-0002",
"url": "https://security.netapp.com/advisory/NTAP-20220419-0002"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220526-0002",
"url": "https://security.netapp.com/advisory/NTAP-20220526-0002"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20241108-0008",
"url": "https://security.netapp.com/advisory/NTAP-20241108-0008"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220707-0001",
"url": "https://security.netapp.com/advisory/NTAP-20220707-0001"
}
]
}
CERTFR-2024-AVI-0947
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans NetApp ONTAP Select Deploy administration utility. Elle permet à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility | ONTAP Select Deploy administration utility versions antérieures à 9.15.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ONTAP Select Deploy administration utility versions ant\u00e9rieures \u00e0 9.15.1",
"product": {
"name": "ONTAP Select Deploy administration utility",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-20900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20900"
}
],
"initial_release_date": "2024-11-06T00:00:00",
"last_revision_date": "2024-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0947",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans NetApp ONTAP Select Deploy administration utility. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans NetApp ONTAP Select Deploy administration utility",
"vendor_advisories": [
{
"published_at": "2024-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20231013-0002",
"url": "https://security.netapp.com/advisory/ntap-20231013-0002/"
}
]
}
CERTFR-2024-AVI-0615
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits NetApp. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility | ONTAP Select Deploy administration utility versions antérieures à 9.15.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ONTAP Select Deploy administration utility versions ant\u00e9rieures \u00e0 9.15.1",
"product": {
"name": "ONTAP Select Deploy administration utility",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
}
],
"initial_release_date": "2024-07-22T00:00:00",
"last_revision_date": "2024-07-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0615",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits NetApp. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits NetApp",
"vendor_advisories": [
{
"published_at": "2024-07-19",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220331-0002",
"url": "https://security.netapp.com/advisory/ntap-20220331-0002/"
}
]
}
CERTFR-2024-AVI-0380
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility | ONTAP Select Deploy administration utility versions antérieures à 9.14.1 | ||
| NetApp | Active IQ Unified Manager pour Microsoft Windows | Active IQ Unified Manager pour Microsoft Windows versions antérieures à 9.12 | ||
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager pour VMware vSphere versions antérieures à 9.10 | ||
| NetApp | N/A | NetApp Cloud Backup toutes versions | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S et H410C toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ONTAP Select Deploy administration utility versions ant\u00e9rieures \u00e0 9.14.1",
"product": {
"name": "ONTAP Select Deploy administration utility",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Microsoft Windows versions ant\u00e9rieures \u00e0 9.12",
"product": {
"name": "Active IQ Unified Manager pour Microsoft Windows",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour VMware vSphere versions ant\u00e9rieures \u00e0 9.10",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp Cloud Backup toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S et H410C toutes versions",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3631"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2021-4090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4090"
},
{
"name": "CVE-2021-3667",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3667"
},
{
"name": "CVE-2021-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3580"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
}
],
"initial_release_date": "2024-05-10T00:00:00",
"last_revision_date": "2024-05-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0380",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits NetApp\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220331-0005 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220331-0005/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220331-0010 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220331-0010/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220318-0010 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220318-0010/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220419-0005 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220419-0005/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20211104-0006 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20211104-0006/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20211104-0005 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20211104-0005/"
}
]
}
CVE-2024-21990 (GCVE-0-2024-21990)
Vulnerability from cvelistv5
Published
2024-04-17 19:35
Modified
2024-08-01 22:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
ONTAP Select Deploy administration utility versions 9.12.1.x,
9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an
attacker to view Deploy configuration information and modify the
account credentials.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility |
Version: 9.12.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:netapp:clustered_data_ontap:9.12.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clustered_data_ontap",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "9.12.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:netapp:clustered_data_ontap:9.13.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clustered_data_ontap",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "9.13.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:netapp:clustered_data_ontap:9.14.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clustered_data_ontap",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "9.14.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T15:34:29.517252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:30.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240411-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ONTAP Select Deploy administration utility",
"vendor": "NetApp",
"versions": [
{
"lessThanOrEqual": "9.14.1P2",
"status": "affected",
"version": "9.12.1",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\u003cbr\u003e"
}
],
"value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T19:35:23.599Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240411-0002/"
}
],
"source": {
"advisory": "NTAP-20240411-0002",
"discovery": "UNKNOWN"
},
"title": "Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2024-21990",
"datePublished": "2024-04-17T19:35:23.599Z",
"dateReserved": "2024-01-03T19:45:25.346Z",
"dateUpdated": "2024-08-01T22:35:34.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21989 (GCVE-0-2024-21989)
Vulnerability from cvelistv5
Published
2024-04-17 19:32
Modified
2024-08-01 22:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
ONTAP Select Deploy administration utility versions 9.12.1.x,
9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when
successfully exploited could allow a read-only user to escalate their
privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility |
Version: 9.12.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:9.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ontap_select_deploy_administration_utility",
"vendor": "netapp",
"versions": [
{
"lessThanOrEqual": "9.14.1p2",
"status": "affected",
"version": "9.12.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-18T20:34:47.966458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T18:50:11.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240411-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ONTAP Select Deploy administration utility",
"vendor": "NetApp",
"versions": [
{
"lessThanOrEqual": "9.14.1P2",
"status": "affected",
"version": "9.12.1",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when \nsuccessfully exploited could allow a read-only user to escalate their \nprivileges.\n\n"
}
],
"value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when \nsuccessfully exploited could allow a read-only user to escalate their \nprivileges.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T19:32:34.598Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240411-0001/"
}
],
"source": {
"advisory": "NTAP-20240411-0001",
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation Vulnerability in ONTAP Select Deploy administration utility",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2024-21989",
"datePublished": "2024-04-17T19:32:34.598Z",
"dateReserved": "2024-01-03T19:45:25.346Z",
"dateUpdated": "2024-08-01T22:35:34.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17272 (GCVE-0-2019-17272)
Vulnerability from cvelistv5
Published
2019-11-21 15:40
Modified
2024-08-05 01:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation
Summary
All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility |
Version: All versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191121-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ONTAP Select Deploy administration utility",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T15:40:03.000Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191121-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"ID": "CVE-2019-17272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ONTAP Select Deploy administration utility",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20191121-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191121-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2019-17272",
"datePublished": "2019-11-21T15:40:03.000Z",
"dateReserved": "2019-10-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5509 (GCVE-0-2019-5509)
Vulnerability from cvelistv5
Published
2019-11-21 15:33
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Injection
Summary
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility |
Version: 2.11.2 through 2.12.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:50.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191121-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ONTAP Select Deploy administration utility",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "2.11.2 through 2.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T15:33:19.000Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191121-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"ID": "CVE-2019-5509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ONTAP Select Deploy administration utility",
"version": {
"version_data": [
{
"version_value": "2.11.2 through 2.12.2"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20191121-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191121-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2019-5509",
"datePublished": "2019-11-21T15:33:19.000Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:01:50.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}