Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

altavault_ost_plug-in

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2022-3996
Assigner-OpenSSL Software Foundation
ShareView Details
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.98%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 15:43
Updated-03 Aug, 2024 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X.509 Policy Constraints Double Locking

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

Action-Not Available
Vendor-OpenSSLNetApp, Inc.
Product-opensslOpenSSLsmi-s_provideraltavault_ost_plug-inopensslfas\/aff_baseboard_management_controllerontap_9hci_baseboard_management_controllermanagement_services_for_element_software
CWE ID-CWE-667
Improper Locking
CVE-2017-15517
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.87%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution.

Action-Not Available
Vendor-NetApp, Inc.
Product-altavault_ost_plug-inAltaVault OST Plug-in
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor