NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2020-8584 | Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution. | 9.8 | 4.17% | 2021-01-08 | 2026-06-16 |
| CVE-2018-5488 | NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | 9.8 | 3.97% | 2018-06-13 | 2026-06-16 |
| CVE-2019-5490 | Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. | 9.8 | 3.49% | 2019-03-21 | 2026-06-16 |
| CVE-2018-5492 | NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution. | 9.8 | 2.90% | 2018-10-04 | 2026-06-16 |
| CVE-2018-5487 | NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | 9.8 | 2.90% | 2018-05-24 | 2026-06-16 |
| CVE-2019-5497 | NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. | 9.8 | 2.87% | 2019-07-01 | 2026-06-16 |
| CVE-2019-17275 | OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers. | 9.8 | 2.75% | 2020-02-26 | 2026-06-16 |
| CVE-2021-26987 | Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. | 9.8 | 2.44% | 2021-03-15 | 2026-06-16 |
| CVE-2019-5509 | ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. | 9.8 | 2.27% | 2019-11-21 | 2026-06-16 |
| CVE-2019-5501 | Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers. | 7.5 | 1.98% | 2019-08-02 | 2026-06-16 |
| CVE-2019-5504 | ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | 9.8 | 1.97% | 2019-09-24 | 2026-06-16 |
| CVE-2019-5491 | Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. | 7.5 | 1.90% | 2019-02-27 | 2026-06-16 |
| CVE-2018-5493 | ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause Denial of Service (DoS). | 7.5 | 1.78% | 2020-05-07 | 2026-06-16 |
| CVE-2020-8571 | StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). | 7.5 | 1.78% | 2020-03-13 | 2026-06-16 |
| CVE-2019-5500 | Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS). | 7.5 | 1.78% | 2020-05-11 | 2026-06-16 |
| CVE-2018-5495 | All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node. | 9.8 | 1.59% | 2018-11-14 | 2026-06-16 |
| CVE-2021-26990 | Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. | 9.1 | 1.54% | 2021-03-19 | 2026-06-16 |
| CVE-2019-5492 | Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server. | 7.5 | 1.54% | 2019-04-29 | 2026-06-16 |
| CVE-2019-5495 | OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | 7.5 | 1.43% | 2019-05-10 | 2026-06-16 |
| CVE-2019-5493 | Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled. | 7.5 | 1.43% | 2019-08-02 | 2026-06-16 |