This page lists publicly disclosed CVE vulnerabilities affecting netapp cloud_manager (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-45105 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | [email protected] | 5.9 | 74.02% | 2021-12-18 | 2026-05-29 |
| CVE-2021-42550 | In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | [email protected] | 6.6 | 2.73% | 2021-12-16 | 2024-11-21 |
| CVE-2021-44228 KEV | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along wit | [email protected] | 10.0 | 94.36% | 2021-12-10 | 2026-02-20 |
| CVE-2021-27002 | NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. | [email protected] | 7.5 | 0.75% | 2021-10-11 | 2024-11-21 |
| CVE-2021-26999 | NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | [email protected] | 4.3 | 0.23% | 2021-08-06 | 2024-11-21 |
| CVE-2021-26998 | NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | [email protected] | 4.3 | 0.23% | 2021-08-06 | 2024-11-21 |
| CVE-2021-31807 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. | [email protected] | 6.5 | 33.71% | 2021-06-08 | 2024-11-21 |
| CVE-2021-31808 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. | [email protected] | 6.5 | 0.33% | 2021-05-27 | 2024-11-21 |
| CVE-2021-31806 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | [email protected] | 6.5 | 85.18% | 2021-05-27 | 2024-11-21 |
| CVE-2021-28651 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption. | [email protected] | 7.5 | 6.13% | 2021-05-27 | 2024-11-21 |
| CVE-2021-28165 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | [email protected] | 7.5 | 13.58% | 2021-04-01 | 2025-08-27 |
| CVE-2021-28164 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. | [email protected] | 5.3 | 93.48% | 2021-04-01 | 2024-11-21 |
| CVE-2021-28163 | In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. | [email protected] | 2.7 | 0.17% | 2021-04-01 | 2024-11-21 |
| CVE-2021-26992 | Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). | [email protected] | 7.5 | 0.70% | 2021-03-19 | 2024-11-21 |
| CVE-2021-26991 | Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. | [email protected] | 7.5 | 0.21% | 2021-03-19 | 2024-11-21 |
| CVE-2021-26990 | Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. | [email protected] | 9.1 | 0.60% | 2021-03-19 | 2024-11-21 |
| CVE-2020-25097 | An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. | [email protected] | 8.6 | 0.58% | 2021-03-19 | 2024-11-21 |
| CVE-2021-23337 | Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | [email protected] | 7.2 | 2.40% | 2021-02-15 | 2024-11-21 |
| CVE-2020-14058 | An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string. | [email protected] | 7.5 | 1.54% | 2020-06-30 | 2024-11-21 |