Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

storagegrid

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

72
Related CVEsRelated VendorsRelated AssignersReports
72Vulnerabilities found
CVE-2025-26517
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.26%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 18:53
Updated-23 Sep, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-26517 Privilege Escalation Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation vulnerability. Successful exploit could allow an unauthorized authenticated attacker to discover Grid node names and IP addresses or modify Storage Grades.

Action-Not Available
Vendor-NetApp, Inc.
Product-storagegridStorageGRID
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-26516
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.11%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 18:51
Updated-23 Sep, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-26516 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service vulnerability. Successful exploit could allow an unauthenticated attacker to cause a Denial of Service on the Admin node.

Action-Not Available
Vendor-NetApp, Inc.
Product-storagegridStorageGRID
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
CVE-2025-26515
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.94%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 18:34
Updated-23 Sep, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant Manager non-federated user.

Action-Not Available
Vendor-NetApp, Inc.
Product-storagegridStorageGRID
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-26514
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 10.24%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 18:31
Updated-23 Sep, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-26514 Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modify user accounts but requires the attacker to know specific information about the target instance and then trick a privileged user into clicking a specially crafted link.

Action-Not Available
Vendor-NetApp, Inc.
Product-storagegridStorageGRID
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-25292
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-3.32% / 87.50%
||
7 Day CHG-0.76%
Published-12 Mar, 2025 | 20:53
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.

Action-Not Available
Vendor-oneloginomniauthSAML-ToolkitsNetApp, Inc.
Product-omniauth_samlruby-samlstoragegridruby-saml
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-436
Interpretation Conflict
CVE-2025-25291
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-20.84% / 95.72%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 20:16
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.

Action-Not Available
Vendor-oneloginomniauthSAML-ToolkitsNetApp, Inc.
Product-omniauth_samlruby-samlstoragegridruby-saml
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-436
Interpretation Conflict
CVE-2024-21994
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.34%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 21:06
Updated-23 Sep, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2024-21994 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash.

Action-Not Available
Vendor-NetApp, Inc.
Product-storagegridStorageGRID
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-21988
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.09%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 21:37
Updated-13 Dec, 2024 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2024-21988 SSH Cryptographic Implementation Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation.

Action-Not Available
Vendor-NetApp, Inc.
Product-storagegridStorageGRID (formerly StorageGRID Webscale)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-21984
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.44%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 22:37
Updated-24 Apr, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts.

Action-Not Available
Vendor-NetApp, Inc.
Product-storagegridStorageGRID
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-21983
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.51%
||
7 Day CHG-0.05%
Published-16 Feb, 2024 | 22:35
Updated-13 Dec, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot.

Action-Not Available
Vendor-NetApp, Inc.
Product-storagegridStorageGRID
CWE ID-CWE-248
Uncaught Exception
CVE-2023-27318
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 55.04%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 20:35
Updated-02 Aug, 2024 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.

Action-Not Available
Vendor-NetApp, Inc.
Product-storagegridStorageGRID (formerly StorageGRID Webscale)
CWE ID-CWE-248
Uncaught Exception
CVE-2022-38734
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.27%
||
7 Day CHG~0.00%
Published-02 Mar, 2023 | 00:00
Updated-07 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to to a crash of the Local Distribution Router (LDR) service.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-storagegridDenial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-23238
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.60% / 69.91%
||
7 Day CHG-0.15%
Published-09 Aug, 2022 | 20:18
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.

Action-Not Available
Vendor-centosn/aNetApp, Inc.Linux Kernel Organization, IncCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxlinux_kernelcentosstoragegridStorageGRID (formerly StorageGRID Webscale)
CVE-2022-37434
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.54% / 99.75%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 00:00
Updated-30 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Action-Not Available
Vendor-stormshieldzlibn/aNetApp, Inc.Debian GNU/LinuxFedora ProjectApple Inc.
Product-active_iq_unified_managerwatchosh500shci_compute_nodeh700sstoragegriddebian_linuxh300s_firmwareh300smanagement_services_for_element_softwareh500s_firmwareoncommand_workflow_automationhcih700s_firmwareipadosstormshield_network_securityiphone_osfedorazlibontap_select_deploy_administration_utilitymacosn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1678
Assigner-OpenAnolis
ShareView Details
Assigner-OpenAnolis
CVSS Score-5.9||MEDIUM
EPSS-1.52% / 81.57%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 14:49
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-h300ebootstrap_oscloud_volumes_ontap_mediatorh500sh300s_firmwareh410c_firmwareactive_iq_unified_managerh410sh300shci_compute_nodestoragegridelement_softwaresolidfireh300e_firmwarelinux_kernelh500ehci_management_nodeh410s_firmwaree-series_santricity_os_controllerh500s_firmwareh500e_firmwareh700s_firmwareh700eh410ch700e_firmwareh700skernel
CWE ID-CWE-911
Improper Update of Reference Count
CVE-2022-0778
Assigner-OpenSSL Software Foundation
ShareView Details
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.86% / 91.53%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 17:05
Updated-22 May, 2026 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite loop in BN_mod_sqrt() reachable when parsing certificates

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Action-Not Available
Vendor-NetApp, Inc.Tenable, Inc.Siemens AGNode.js (OpenJS Foundation)OpenSSLMariaDB FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxsantricity_smi-s_providernode.jsopenssla250mariadb500fclustered_data_ontap500f_firmwarea250_firmwarenessusclustered_data_ontap_antivirus_connectorstoragegridfedoracloud_volumes_ontap_mediatorOpenSSLSIMATIC MV550 HSCALANCE W786-2IA RJ45SIMATIC S7-1200 CPU 1214C AC/DC/RlySCALANCE XR326-2C PoE WG (without UL)SIPLUS S7-1200 CP 1243-1SIMATIC CP 1242-7 V2SCALANCE MUM856-1 (RoW)SIMATIC S7-1500 CPU 1513R-1 PNSCALANCE XF204-2BASCALANCE X307-3SIMATIC RF188CSCALANCE M876-4 (NAM)SIMATIC S7-1200 CPU 1211C DC/DC/DCSCALANCE W786-1 RJ45SIMATIC S7-1200 CPU 1211C DC/DC/RlySCALANCE M876-4 (EU)SCALANCE LPE9403SIMATIC CP 1628SIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-1200 CPU 1212C AC/DC/RlySIPLUS S7-1200 CPU 1215 DC/DC/DCSCALANCE X306-1LD FESCALANCE MUM853-1 (EU)SIPLUS S7-1200 CPU 1212 AC/DC/RLYSINAMICS Startdrive V15.1SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC CP 443-1 OPC UASCALANCE S615 LAN-RouterSCALANCE XB213-3 (SC, E/IP)SIPLUS ET 200SP CPU 1510SP-1 PNSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XB208 (PN)SIMATIC S7-1500 CPU 1512C-1 PNSIRIUS Soft Starter ES V15.1 (TIA Portal)Security Configuration Tool (SCT)SIPLUS NET CP 1242-7 V2SIPLUS ET 200SP CPU 1512SP F-1 PNSCALANCE W748-1 M12SIPLUS S7-1500 CPU 1511-1 PN T1 RAILSCALANCE X308-2LHBFCClientSCALANCE XR528-6M (2HR2)SIMATIC HMI Unified Comfort Panels familySCALANCE XR326-2C PoE WGSIMATIC S7-1500 CPU 1511C-1 PNSIMATIC Cloud Connect 7 CC716SIMATIC RF166CSIMATIC WinCC V17SIPLUS NET SCALANCE XC216-4CSIMATIC S7-1200 CPU 1215FC DC/DC/DCSIMATIC Logon V1.6SIPLUS S7-1500 CPU 1518F-4 PN/DPSCALANCE M816-1 ADSL-RouterSCALANCE XR324-4M PoE (24V, ports on front)RUGGEDCOM ROX RX1510SIMATIC PCS 7 TeleControlSCALANCE WUM763-1SCALANCE XC216EECSIMATIC RF615RSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE XR552-12M (2HR2, L3 int.)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X320-1 FESCALANCE X320-1-2LD FESIMATIC S7-1200 CPU 1215C DC/DC/DCSCALANCE M804PBRUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1524SCALANCE XF204-2SCALANCE X307-2 EEC (230V, coated)SCALANCE XR324WG (24 X FE, DC 24V)SIMATIC S7-1200 CPU 1212FC DC/DC/DCSIMATIC ET 200SP CPU 1510SP F-1 PNSINAMICS DCC V15.1SCALANCE W1788-2IA M12SCALANCE XR324-4M EEC (2x 24V, ports on front)SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSINEMA Remote Connect ServerSIPLUS NET SCALANCE XC206-2SIPLUS S7-1200 CPU 1214 DC/DC/RLYSIPLUS S7-1200 CPU 1212 DC/DC/RLYSIPLUS S7-1500 CPU 1515F-2 PNSINAMICS DCC V16SCALANCE WAM766-1 EEC (US)SCALANCE X202-2P IRTSCALANCE XR324-12M TS (24V)SCALANCE XR524-8C, 2x230V (L3 int.)SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSIPLUS ET 200SP CPU 1510SP F-1 PN RAILTeleControl Server Basic V3SCALANCE W1748-1 M12SCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE XC216-4C G (EIP Def.)SIMATIC WinCC Unified (TIA Portal)SCALANCE XM408-8CSIMATIC CP 1243-8 IRCSCALANCE W1788-2 EEC M12SCALANCE X212-2SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC S7-PLCSIM AdvancedSCALANCE WAM766-1 EECSCALANCE W788-2 M12SIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSCALANCE X206-1LDSIRIUS Soft Starter ES V17 (TIA Portal)SIMATIC S7-1200 CPU 1214C DC/DC/RlySCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on rear)SIPLUS S7-1500 CPU 1517H-3 PNSIMATIC RF610RSCALANCE X202-2P IRT PROSIMATIC MV550 SSIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSCALANCE X408-2SIMATIC S7-1200 CPU 1211C AC/DC/RlySCALANCE XP208 (Ethernet/IP)SIMATIC PDMSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSCALANCE XC224-4C GSIMATIC RF185CSCALANCE XR324-12M (24V, ports on front)SIMATIC CP 1243-7 LTE USRUGGEDCOM ROX RX1400SIMATIC S7-1500 CPU 1511TF-1 PNRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE X308-2M TSSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSCALANCE W1750D (ROW)SIPLUS S7-1200 CP 1243-1 RAILSCALANCE X302-7 EEC (230V)SCALANCE X302-7 EEC (2x 230V)SCALANCE X308-2M PoESIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC CP 1243-1SIPLUS ET 200SP CPU 1510SP-1 PN RAILSCALANCE M826-2 SHDSL-RouterSCALANCE XR324-12M (230V, ports on rear)SIMATIC CP 1626SCALANCE W786-2 RJ45SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE XC206-2SFP GSCALANCE XC216-3G PoE (54 V DC)SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSCALANCE W1788-1 M12SCALANCE XM408-4C (L3 int.)RUGGEDCOM ROX RX5000SINAUT Software ST7scSIRIUS Soft Starter ES V16 (TIA Portal)SCALANCE XC206-2 (SC)SCALANCE XR528-6M (L3 int.)SIPLUS S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSCALANCE X307-2 EEC (24V)SINEC INSSIPLUS ET 200SP CP 1543SP-1 ISEC TX RAILSIPLUS NET SCALANCE XC206-2SFPSIPLUS NET CP 443-1 AdvancedSIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1500 CPU 1515T-2 PNSCALANCE XM416-4C (L3 int.)SCALANCE XP216POE EECSIMOCODE ES V17SCALANCE XB213-3 (SC, PN)SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSCALANCE X304-2FESCALANCE XC216-4CSCALANCE XP216SIPLUS NET CP 343-1 AdvancedSIPLUS S7-1200 CPU 1214 AC/DC/RLYSIMATIC S7-1500 CPU 1515F-2 PNSIPLUS ET 200SP CP 1543SP-1 ISECSCALANCE X307-2 EEC (24V, coated)SIMATIC PCS 7 V9.0SCALANCE X302-7 EEC (2x 24V)SCALANCE W722-1 RJ45SCALANCE XB205-3LD (SC, PN)SCALANCE X308-2SCALANCE XR552-12M (2HR2)SCALANCE W788-2 M12 EECSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XB213-3 (ST, PN)SCALANCE WAM766-1 (US)SCALANCE WUM766-1 (USA)SIMATIC S7-1500 CPU 1516T-3 PN/DPSCALANCE XR524-8C, 1x230VSCALANCE X208PROSIMATIC RF186CSCALANCE X302-7 EEC (24V, coated)SIPLUS S7-1500 CPU 1518-4 PN/DPSCALANCE XP208PoE EECSCALANCE XR528-6M (2HR2, L3 int.)SIMATIC STEP 7 V15.1SIMATIC S7-1200 CPU 1215FC DC/DC/RlySIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC STEP 7 V5SCALANCE XC206-2SFP EECSCALANCE X204-2LD TSSIPLUS ET 200SP CPU 1512SP-1 PN RAILSCALANCE XP208SCALANCE XB216 (PN)SIMATIC NET PC Software V15SCALANCE X310FESIPLUS S7-1200 CPU 1212C AC/DC/RLYSCALANCE XF204IRTSCALANCE XR324-12M (24V, ports on rear)SIPLUS ET 200SP CPU 1510SP F-1 PNSCALANCE W778-1 M12 EECSCALANCE XB205-3LD (SC, E/IP)RUGGEDCOM ROX RX1511SCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XC216-4C G EECSIPLUS ET 200SP CPU 1512SP-1 PNSCALANCE SC646-2CSCALANCE X216SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSCALANCE XB205-3 (ST, E/IP)SIMATIC WinCC V16RUGGEDCOM ROX RX1501SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SIPLUS S7-1500 CPU 1515R-2 PN TX RAILSCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C G (EIP Def.)SIMATIC WinCC V7.4SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE XR524-8C, 24VSCALANCE XC206-2G PoE EEC (54 V DC)SIMATIC NET PC Software V14SCALANCE X308-2 RD (inkl. SIPLUS variants)TIA AdministratorSIMATIC S7-1200 CPU 1214FC DC/DC/RlySCALANCE M876-4SCALANCE XC208G PoE (54 V DC)SIMATIC S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE X200-4P IRTSIMATIC RF188CISIMATIC RF685RSCALANCE X308-2LDSCALANCE W774-1 RJ45 (USA)SIMATIC S7-1500 CPU 1518HF-4 PNSCALANCE X212-2LDSINAUT ST7CCSCALANCE W761-1 RJ45SCALANCE XR324-12M (230V, ports on front)SIPLUS S7-1200 CPU 1214C DC/DC/RLYSIPLUS NET CP 1543-1SCALANCE SC622-2CSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC CP 1543-1SIMATIC MV540 SSIPLUS NET SCALANCE XC208SIMATIC RF650RSCALANCE WUM766-1SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE XR524-8C, 24V (L3 int.)SCALANCE XP208EECSCALANCE X308-2LH+SCALANCE XR526-8C, 1x230VSCALANCE XR328-4C WG (28xGE, AC 230V)SCALANCE W1750D (USA)SCALANCE XF202-2P IRTSIPLUS S7-1500 CPU 1511F-1 PNSCALANCE W774-1 RJ45SIMATIC S7-1200 CPU 1217C DC/DC/DCSIPLUS S7-1200 CPU 1214C AC/DC/RLYIndustrial Edge - SIMATIC S7 Connector AppSCALANCE WAM766-1SCALANCE XC216-3G PoETIA Portal Cloud V17SIMATIC S7-1200 CPU 1212FC DC/DC/RlySCALANCE XC224-4C G EECSIMATIC S7-1200 CPU 1215C DC/DC/RlySCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)OpenPCS 7 V8.2SCALANCE XB205-3 (ST, PN)SCALANCE X204-2SIMOCODE ES V15.1SCALANCE XC216-4C GSINAMICS Startdrive V16SIMATIC WinCC V15.1SIMATIC MV540 HSINEC NMSSCALANCE W788-2 RJ45SCALANCE XR526-8C, 24VSCALANCE X204-2FMSCALANCE W734-1 RJ45 (USA)SCALANCE XB208 (E/IP)RUGGEDCOM ROX RX1512SCALANCE W788-1 M12SIMATIC MV560 USIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIMATIC STEP 7 V17SCALANCE X204IRT PROSIMATIC S7-1500 CPU 1518-4 PN/DPSCALANCE X302-7 EEC (24V)SCALANCE W721-1 RJ45SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE W1750D (JP)SCALANCE XC208GSCALANCE W1788-2 M12RUGGEDCOM ROX RX1500SCALANCE M874-3SCALANCE W786-2 SFPSCALANCE XR526-8C, 2x230VSIMOTIONSCALANCE XM416-4CSIMATIC STEP 7 V16SCALANCE XC206-2G PoESCALANCE XR528-6MSIMATIC CP 1542SP-1SCALANCE XF206-1SIPLUS NET SCALANCE X202-2P IRTSCALANCE X307-2 EEC (2x 230V, coated)SCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE XC208EECSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XC206-2SFPSIPLUS S7-1500 CPU 1513-1 PNSCALANCE XF204-2BA IRTSIPLUS S7-1500 CPU 1513F-1 PNSCALANCE W774-1 M12 EECSIMATIC NET PC Software V16SIMATIC MV560 XOpenPCS 7 V9.0SCALANCE X202-2IRTSIMATIC S7-1500 CPU 1511F-1 PNSCALANCE X201-3P IRTSIPLUS S7-1200 CPU 1214C DC/DC/DCSCALANCE XC208SCALANCE X302-7 EEC (230V, coated)SIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIMOTION SCOUT TIA V5.4SCALANCE XR524-8C, 2x230VSCALANCE W748-1 RJ45SIMATIC S7-1200 CPU 1214FC DC/DC/DCIndustrial Edge - OPC UA ConnectorSIMOTION SCOUT TIA V5.3SCALANCE SC642-2CSIMATIC CP 443-1 AdvancedSIMATIC CP 1243-7 LTE EUSCALANCE W788-1 RJ45SIMOCODE ES V16SCALANCE X204-2LDSCALANCE M876-3 (ROK)SIPLUS S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIPLUS TIM 1531 IRCSCALANCE XP216EECSCALANCE X208SCALANCE X307-2 EEC (230V)TIA Portal Cloud V16SIPLUS S7-1200 CPU 1215 DC/DC/RLYSCALANCE SC632-2CSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIMATIC S7-1500 CPU 1513F-1 PNSCALANCE XP216 (Ethernet/IP)SIPLUS S7-1500 CPU 1518HF-4 PNSIMATIC RF680RSCALANCE X224OpenPCS 7 V9.1SCALANCE M812-1 ADSL-RouterSCALANCE XB205-3 (SC, PN)SIMATIC ET 200SP CPU 1512SP F-1 PNSCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE WAM763-1SCALANCE XB213-3LD (SC, E/IP)SIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 CPU 1518T-4 PN/DPSCALANCE W738-1 M12SCALANCE M876-3SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X310TIM 1531 IRCSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XC216SIMATIC S7-1500 CPU 1517T-3 PN/DPRUGGEDCOM RM1224 LTE(4G) EUSIMATIC CP 1543SP-1SCALANCE XR552-12MSCALANCE XC206-2 (ST/BFOC)SCALANCE X308-2MSCALANCE M874-2SCALANCE W778-1 M12SCALANCE XB213-3 (ST, E/IP)SIMATIC WinCC V7.5SIMATIC S7-1500 CPU 1515TF-2 PNSCALANCE XC208G EECSIMATIC RF186CISCALANCE XB216 (E/IP)SCALANCE S615 EEC LAN-RouterSIMATIC CP 343-1 AdvancedSIMATIC S7-1500 CPU 1511-1 PNSCALANCE X201-3P IRT PROSIMATIC Drive Controller CPU 1507D TFSIPLUS S7-1200 CPU 1212C DC/DC/DCSCALANCE XF201-3P IRTSIPLUS S7-1500 CPU 1511-1 PN TX RAILRUGGEDCOM ROX MX5000RESCALANCE XM408-4CRUGGEDCOM ROX RX1536SCALANCE SC636-2CSIRIUS Safety ES V17 (TIA Portal)SIMATIC PCS 7 V9.1SCALANCE XF204 DNASIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC RF360RSCALANCE X206-1SIMATIC PCS neo (Administration Console)SIMATIC Process Historian OPC UA ServerSCALANCE XC206-2SFP G EECSINAMICS Startdrive V17SCALANCE XF204SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1200 CPU 1212C DC/DC/RlySIMATIC S7-1200 CPU 1215C AC/DC/RlySCALANCE X204-2TSSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC PCS 7 V8.2SIMATIC S7-1200 CPU 1212C DC/DC/DCSIMATIC ET 200SP CPU 1512SP-1 PNRUGGEDCOM CROSSBOW Station Access Controller (SAC)SCALANCE XC208G (EIP def.)SIPLUS S7-1500 CPU 1511-1 PNSCALANCE X307-2 EEC (2x 24V)SIPLUS S7-1200 CPU 1215FC DC/DC/DCSIMATIC S7-1200 CPU 1214C DC/DC/DCSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-1500 Software Controller V2SCALANCE W778-1 M12 EEC (USA)SCALANCE X204IRTSCALANCE XC206-2G PoE (54 V DC)SIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSCALANCE W734-1 RJ45SIMATIC S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1517H-3 PNSIMATIC WinCC V7.3SCALANCE XC208G PoESCALANCE X307-3LDSIMATIC S7-1500 CPU 1511T-1 PNSCALANCE MUM856-1 (EU)SCALANCE XC224SCALANCE XM408-8C (L3 int.)SIMATIC NET PC Software V17SIMATIC Cloud Connect 7 CC712SCALANCE X307-2 EEC (2x 230V)SCALANCE XF204-2BA DNASCALANCE XR524-8C, 1x230V (L3 int.)SIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC CP 1545-1SIMATIC S7-1500 CPU 1515-2 PNSCALANCE X307-2 EEC (2x 24V, coated)SIPLUS S7-1200 CPU 1215C DC/DC/DCSIMATIC ET 200SP CPU 1510SP-1 PNSCALANCE XF208
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-23233
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.27%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 17:22
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-storagegridStorageGRID (formerly StorageGRID Webscale)
CVE-2022-23232
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.34% / 56.65%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 17:21
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale).

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-storagegridStorageGRID (formerly StorageGRID Webscale)
CVE-2022-23773
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.32%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:16
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.

Action-Not Available
Vendor-n/aNetApp, Inc.Go
Product-cloud_insights_telegraf_agentbeegfs_csi_drivergostoragegridkubernetes_monitoring_operatorn/a
CWE ID-CWE-436
Interpretation Conflict
CVE-2022-23772
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.51%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:11
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

Action-Not Available
Vendor-n/aNetApp, Inc.GoDebian GNU/Linux
Product-debian_linuxcloud_insights_telegraf_agentbeegfs_csi_drivergostoragegridkubernetes_monitoring_operatorn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-23806
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.04% / 14.18%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

Action-Not Available
Vendor-n/aNetApp, Inc.GoDebian GNU/Linux
Product-debian_linuxcloud_insights_telegraf_agentbeegfs_csi_drivergostoragegridkubernetes_monitoring_operatorn/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-27006
Assigner-NetApp, Inc.
ShareView Details
Assigner-NetApp, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 19.99%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 19:48
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-storagegridStorageGRID (formerly StorageGRID Webscale)
CVE-2021-40438
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-9||CRITICAL
EPSS-94.43% / 99.99%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-27 Oct, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-12-15||Apply updates per vendor instructions.
mod_proxy SSRF

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-resfOracle CorporationNetApp, Inc.Siemens AGRed Hat, Inc.Broadcom Inc.F5, Inc.The Apache Software FoundationTenable, Inc.Debian GNU/LinuxFedora Project
Product-enterprise_linux_for_ibm_z_systemsenterprise_linux_server_update_services_for_sap_solutionsjboss_core_servicesinstantis_enterprisetrackenterprise_linux_serversinema_serversinema_remote_connect_serversinec_nmstenable.sccloud_backupzfs_storage_appliance_kitsecure_global_desktopruggedcom_nmssoftware_collectionsdebian_linuxenterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_big_endianenterprise_linux_for_arm_64clustered_data_ontapenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsf5osenterprise_linuxenterprise_linux_eusenterprise_linux_for_ibm_z_systems_eus_s390xenterprise_linux_for_power_little_endianbrocade_fabric_operating_system_firmwareenterprise_manager_ops_centerenterprise_linux_for_arm_64_eushttp_serverrocky_linuxenterprise_linux_server_workstationenterprise_linux_server_ausenterprise_linux_server_tusfedoraenterprise_linux_for_scientific_computingenterprise_linux_workstationstoragegridApache HTTP ServerApache
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-39275
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-37.67% / 97.28%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-01 May, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ap_escape_quotes buffer overflow

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-Fedora ProjectOracle CorporationThe Apache Software FoundationDebian GNU/LinuxNetApp, Inc.Siemens AG
Product-debian_linuxfedorasinec_nmshttp_servercloud_backupsinema_serverzfs_storage_appliance_kitinstantis_enterprisetrackstoragegridclustered_data_ontapApache HTTP Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36160
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-4.69% / 89.53%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-01 May, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_proxy_uwsgi out of bound read

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

Action-Not Available
Vendor-Fedora ProjectOracle CorporationThe Apache Software FoundationDebian GNU/LinuxNetApp, Inc.Broadcom Inc.
Product-communications_cloud_native_core_network_function_cloud_native_environmentbrocade_fabric_operating_system_firmwaredebian_linuxfedorapeoplesoft_enterprise_peopletoolshttp_servercloud_backupenterprise_manager_base_platformzfs_storage_appliance_kitinstantis_enterprisetrackstoragegridclustered_data_ontapApache HTTP Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-34798
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.29% / 93.31%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer dereference in httpd core

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-NetApp, Inc.Debian GNU/LinuxThe Apache Software FoundationOracle CorporationTenable, Inc.Broadcom Inc.Siemens AGFedora Project
Product-peoplesoft_enterprise_peopletoolscommunications_cloud_native_core_network_function_cloud_native_environmentcloud_backuptenable.scstoragegridsinema_serverruggedcom_nmshttp_serverclustered_data_ontapdebian_linuxsinec_nmssinema_remote_connect_serverinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_base_platformbrocade_fabric_operating_system_firmwareApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34558
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.92% / 76.30%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 13:47
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora ProjectGo
Product-fedoragocloud_insights_telegraftridenttimesten_in-memory_databasestoragegridn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-3450
Assigner-OpenSSL Software Foundation
ShareView Details
Assigner-OpenSSL Software Foundation
CVSS Score-7.4||HIGH
EPSS-0.50% / 66.52%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 14:25
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CA certificate check bypass with X509_V_FLAG_X509_STRICT

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).

Action-Not Available
Vendor-windriverSonicWall Inc.FreeBSD FoundationFedora ProjectOracle CorporationTenable, Inc.McAfee, LLCNode.js (OpenJS Foundation)OpenSSLNetApp, Inc.
Product-freebsdpeoplesoft_enterprise_peopletoolsopensslnessus_agentsonicosmysql_connectorssantricity_smi-s_providerstoragegridnode.jsjd_edwards_enterpriseone_toolsgraalvmontap_select_deploy_administration_utilityfedorasma100_firmwarenessus_network_monitornessusweb_gatewayjd_edwards_world_securityenterprise_manager_for_storage_managementcloud_volumes_ontap_mediatorcapture_clientsma100linuxoncommand_workflow_automationmysql_workbenchsantricity_smi-s_provider_firmwareweblogic_serverstoragegrid_firmwaremysql_enterprise_monitorsecure_global_desktopemail_securityweb_gateway_cloud_servicesecure_backupcommerce_guided_searchmysql_serverOpenSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-3449
Assigner-OpenSSL Software Foundation
ShareView Details
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-9.86% / 93.12%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 14:25
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer deref in signature_algorithms processing

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Action-Not Available
Vendor-SonicWall Inc.FreeBSD FoundationCheck Point Software Technologies Ltd.Fedora ProjectOracle CorporationTenable, Inc.Siemens AGDebian GNU/LinuxMcAfee, LLCNode.js (OpenJS Foundation)OpenSSLNetApp, Inc.
Product-simatic_net_cp1243-7_lte_ussinamics_connect_300_firmwaresimatic_pcs_neosonicosscalance_s602_firmwarescalance_sc-600_firmwarescalance_xp-200simatic_s7-1200_cpu_1212csnapcenterscalance_xf-200basimatic_mv500quantum_security_gatewayessbasescalance_s602simatic_s7-1200_cpu_1212fc_firmwarequantum_security_management_firmwarenessus_network_monitorsimatic_net_cp_1545-1_firmwaresimatic_cp_1242-7_gprs_v2scalance_s615_firmwaresimatic_s7-1200_cpu_1215_fcsimatic_rf166c_firmwarescalance_xr528-6m_firmwarescalance_m-800_firmwaree-series_performance_analyzerscalance_xc-200_firmwarescalance_xr-300wg_firmwaresimatic_hmi_ktp_mobile_panelsscalance_s612_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaredebian_linuxsimatic_net_cp_1543-1_firmwaresimatic_mv500_firmwareruggedcom_rcm1224_firmwaresimatic_process_historian_opc_ua_server_firmwarescalance_sc-600simatic_net_cp_1243-1_firmwaresimatic_s7-1200_cpu_1214c_firmwarecommunications_communications_policy_managementsimatic_process_historian_opc_ua_serversecure_backupsimatic_net_cp_1542sp-1_irc_firmwaresimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1200_cpu_1214cscalance_xf-200ba_firmwarequantum_security_managementsimatic_rf186c_firmwarescalance_w700simatic_net_cp_1542sp-1_ircstoragegridsimatic_hmi_comfort_outdoor_panels_firmwaresimatic_rf185cnode.jssinec_infrastructure_network_servicesscalance_s615graalvmsimatic_s7-1200_cpu_1214_fctim_1531_irc_firmwaresma100_firmwaresimatic_net_cp_1243-8_ircsimatic_net_cp_1243-8_irc_firmwaresimatic_rf186ci_firmwarenessussimatic_rf188ci_firmwarecloud_volumes_ontap_mediatorsimatic_net_cp1243-7_lte_us_firmwarelog_correlation_engineoncommand_workflow_automationscalance_xm-400_firmwarescalance_xr524-8c_firmwaresinumerik_opc_ua_serverscalance_s623_firmwarescalance_w700_firmwaremulti-domain_management_firmwarescalance_s627-2m_firmwarescalance_w1700_firmwaresimatic_net_cp_1545-1simatic_cloud_connect_7_firmwarescalance_xb-200_firmwarescalance_xc-200scalance_m-800jd_edwards_enterpriseone_toolssimatic_s7-1200_cpu_1214_fc_firmwarepeoplesoft_enterprise_peopletoolsprimavera_unifieropensslruggedcom_rcm1224simatic_pcs_neo_firmwaresimatic_rf360rscalance_lpe9403simatic_cp_1242-7_gprs_v2_firmwaresimatic_hmi_basic_panels_2nd_generation_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpscalance_xr528-6msimatic_s7-1200_cpu_1215_fc_firmwarescalance_xr-300wgscalance_s612simatic_rf360r_firmwaresinec_nmstim_1531_ircontap_select_deploy_administration_utilitysimatic_net_cp_1243-1fedorazfs_storage_appliance_kitsimatic_net_cp1243-7_lte_eu_firmwaresimatic_rf188csimatic_s7-1200_cpu_1217csimatic_rf185c_firmwaresimatic_net_cp_1543sp-1simatic_s7-1200_cpu_1215c_firmwareweb_gatewaysimatic_net_cp_1543-1simatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_rf188cicapture_clientsimatic_hmi_ktp_mobile_panels_firmwaresma100scalance_xr524-8csimatic_s7-1200_cpu_1215csimatic_logonsimatic_pcs_7_telecontrol_firmwaresimatic_net_cp_1543sp-1_firmwaremysql_workbenchsimatic_wincc_runtime_advancedscalance_s623secure_global_desktopweb_gateway_cloud_servicescalance_w1700scalance_xm-400freebsdscalance_lpe9403_firmwaremysql_serversimatic_pcs_7_telecontrolquantum_security_gateway_firmwaresimatic_wincc_telecontrolmysql_connectorssimatic_rf188c_firmwaresinec_pnimulti-domain_managementsimatic_pdmscalance_s627-2msimatic_rf186cioncommand_insightjd_edwards_world_securityenterprise_manager_for_storage_managementscalance_xp-200_firmwaresimatic_rf166csimatic_hmi_basic_panels_2nd_generationtia_administratoractive_iq_unified_managerscalance_xb-200tenable.scsimatic_hmi_comfort_outdoor_panelssimatic_s7-1200_cpu_1211csinema_serversinamics_connect_300scalance_xr552-12simatic_cloud_connect_7simatic_rf186cscalance_xr526-8c_firmwaresimatic_s7-1200_cpu_1212fcscalance_xr552-12_firmwaresimatic_net_cp1243-7_lte_euscalance_xr526-8csimatic_pdm_firmwaresantricity_smi-s_providerOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-3114
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.60%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 02:23
Updated-03 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectGoDebian GNU/Linux
Product-debian_linuxcloud_insights_telegraf_agentfedoragostoragegridn/a
CWE ID-CWE-682
Incorrect Calculation
CVE-2021-3115
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.32%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 02:14
Updated-03 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectGoMicrosoft Corporation
Product-cloud_insights_telegraf_agentfedoragowindowsstoragegridn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-16166
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-1.68% / 82.49%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 20:05
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

Action-Not Available
Vendor-n/aFedora ProjectopenSUSECanonical Ltd.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-ubuntu_linuxcloud_volumes_ontap_mediatorsd-wan_edgeactive_iq_unified_managerh410c_firmwarehci_bootstrap_osstoragegridsolidfiresteelstore_cloud_integrated_storagedebian_linuxlinux_kernelhci_management_nodefedorae-series_santricity_os_controllerh410cleapn/a
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2020-14664
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.3||HIGH
EPSS-1.07% / 78.05%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-snapmanagercloud_backupjree-series_performance_analyzere-series_santricity_os_controlleractive_iq_unified_manager7-mode_transition_toolsteelstore_cloud_integrated_storagee-series_santricity_web_servicesjdkcloud_secure_agentoncommand_workflow_automationstoragegridsantricity_unified_manageroncommand_insightJava
CVE-2020-14593
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.4||HIGH
EPSS-0.41% / 61.53%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSE
Product-active_iq_unified_managerstoragegridcloud_secure_agente-series_performance_analyzeroncommand_workflow_automationsantricity_unified_manager7-mode_transition_toolubuntu_linuxopenjdkjresnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxsteelstore_cloud_integrated_storageoncommand_insightJava
CVE-2020-14577
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.28% / 51.94%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSE
Product-active_iq_unified_managerstoragegridcloud_secure_agente-series_performance_analyzeroncommand_workflow_automationsantricity_unified_manager7-mode_transition_toolubuntu_linuxopenjdkjresnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxsteelstore_cloud_integrated_storageoncommand_insightJava
CVE-2020-14579
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.16% / 36.38%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSEMcAfee, LLC
Product-steelstore_cloud_integrated_storageactive_iq_unified_managerstoragegridsantricity_unified_managere-series_performance_analyzeroncommand_workflow_automationepolicy_orchestratorcloud_secure_agent7-mode_transition_toolubuntu_linuxopenjdksnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxjreoncommand_insightJava
CVE-2020-14583
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.3||HIGH
EPSS-1.02% / 77.54%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSE
Product-active_iq_unified_managerstoragegridcloud_secure_agente-series_performance_analyzeroncommand_workflow_automationsantricity_unified_manager7-mode_transition_toolubuntu_linuxopenjdkjresnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxsteelstore_cloud_integrated_storageoncommand_insightJava
CVE-2020-14581
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.39% / 60.00%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSEMcAfee, LLC
Product-steelstore_cloud_integrated_storageactive_iq_unified_managerstoragegridsantricity_unified_managere-series_performance_analyzeroncommand_workflow_automationepolicy_orchestratorcloud_secure_agent7-mode_transition_toolubuntu_linuxopenjdksnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxjreoncommand_insightJava
CVE-2020-14578
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.16% / 36.38%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSEMcAfee, LLC
Product-steelstore_cloud_integrated_storageactive_iq_unified_managerstoragegridsantricity_unified_managere-series_performance_analyzeroncommand_workflow_automationepolicy_orchestratorcloud_secure_agent7-mode_transition_toolubuntu_linuxopenjdksnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxjreoncommand_insightJava
CVE-2020-14556
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-4.8||MEDIUM
EPSS-0.58% / 69.17%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSE
Product-active_iq_unified_managerstoragegridcloud_secure_agente-series_performance_analyzeroncommand_workflow_automationsantricity_unified_manager7-mode_transition_toolubuntu_linuxopenjdkjresnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxsteelstore_cloud_integrated_storageoncommand_insightJava
CVE-2020-2830
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 46.32%
||
7 Day CHG+0.01%
Published-15 Apr, 2020 | 13:29
Updated-27 Sep, 2024 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Fedora ProjectopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkcloud_backupthreat_intelligence_exchange_serveroncommand_insighte-series_performance_analyzeractive_iq_unified_managerjdkoncommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storageplug-in_for_symantec_netbackupdebian_linuxsnapmanagerjree-series_santricity_os_controllerfedora7-mode_transition_toole-series_santricity_web_servicesleapJava
CVE-2020-2803
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.3||HIGH
EPSS-3.22% / 87.28%
||
7 Day CHG-0.05%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/LinuxFedora Project
Product-ubuntu_linuxopenjdkcloud_backuponcommand_insighte-series_performance_analyzeractive_iq_unified_managerjdkoncommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storageplug-in_for_symantec_netbackupdebian_linuxsnapmanagerjree-series_santricity_os_controllerfedora7-mode_transition_toole-series_santricity_web_servicesleapJava
CVE-2020-2805
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.3||HIGH
EPSS-1.83% / 83.26%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/LinuxFedora Project
Product-ubuntu_linuxopenjdkcloud_backuponcommand_insighte-series_performance_analyzeractive_iq_unified_managerjdkoncommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storageplug-in_for_symantec_netbackupdebian_linuxsnapmanagerjree-series_santricity_os_controllerfedora7-mode_transition_toole-series_santricity_web_servicesleapJava
CVE-2020-2816
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.53% / 67.78%
||
7 Day CHG-0.17%
Published-15 Apr, 2020 | 13:29
Updated-27 Sep, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Action-Not Available
Vendor-openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxopenjdkcloud_backuponcommand_insighte-series_performance_analyzeractive_iq_unified_managerjdkoncommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storageplug-in_for_symantec_netbackupdebian_linuxsnapmanagerjree-series_santricity_os_controller7-mode_transition_toole-series_santricity_web_servicesleapJava
CVE-2020-2800
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-4.8||MEDIUM
EPSS-0.61% / 70.00%
||
7 Day CHG+0.03%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Action-Not Available
Vendor-openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/LinuxFedora Project
Product-ubuntu_linuxopenjdkcloud_backuponcommand_insighte-series_performance_analyzeractive_iq_unified_managerjdkoncommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storageplug-in_for_symantec_netbackupdebian_linuxsnapmanagerjree-series_santricity_os_controllerfedora7-mode_transition_toole-series_santricity_web_servicesleapJava
CVE-2020-2781
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.48%
||
7 Day CHG+0.01%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Fedora ProjectopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkcloud_backupthreat_intelligence_exchange_servere-series_performance_analyzeractive_iq_unified_managerjdkleaponcommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxsnapmanagerjrefedorae-series_santricity_os_controller7-mode_transition_toole-series_santricity_web_servicescloud_secure_agentoncommand_insightJava
CVE-2020-2773
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.60% / 69.85%
||
7 Day CHG-0.17%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Fedora ProjectopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkepolicy_orchestratorcloud_backupe-series_performance_analyzeractive_iq_unified_managerjdkleaponcommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxsnapmanagerjrefedorae-series_santricity_os_controller7-mode_transition_toole-series_santricity_web_servicescloud_secure_agentoncommand_insightJava
CVE-2020-2767
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-4.8||MEDIUM
EPSS-0.33% / 56.05%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Action-Not Available
Vendor-openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxopenjdkcloud_backupe-series_performance_analyzeractive_iq_unified_managerjdkleaponcommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storageplug-in_for_symantec_netbackupdebian_linuxsnapmanagerjree-series_santricity_os_controller7-mode_transition_toole-series_santricity_web_servicescloud_secure_agentoncommand_insightJava
CVE-2020-2778
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.36% / 58.18%
||
7 Day CHG-0.08%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxopenjdkcloud_backupe-series_performance_analyzeractive_iq_unified_managerjdkleaponcommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storageplug-in_for_symantec_netbackupdebian_linuxsnapmanagerjree-series_santricity_os_controller7-mode_transition_toole-series_santricity_web_servicescloud_secure_agentoncommand_insightJava
CVE-2020-2754
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.29% / 53.00%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Fedora ProjectopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkdebian_linuxepolicy_orchestratorsnapmanagerjree-series_santricity_os_controlleractive_iq_unified_managerfedorajdkstoragegridleapJava
  • Previous
  • 1
  • 2
  • Next