Versions
9.7 through 9.7P7
Versions prior to 9.7P13 and 9.8P3
Versions prior to 9.3P20 and 9.5
Versions prior to 9.3P20 and 9.5P15
Prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8
9.2 and higher
Versions prior to 9.3P20
9.11.1 through 9.11.1P2
9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2
Prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8
Versions prior to 9.1P18 and 9.3P12
Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3
9.0 and higher
Versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1
Versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7
Recent CVEs
CVE-2022-23241
Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period.
CVE-2021-27005
Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server.
CVE-2021-27001
Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.
CVE-2021-27003
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.
CVE-2021-26994
Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node.
CVE-2021-26989
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.
CVE-2021-26988
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.
CVE-2020-8590
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
CVE-2020-8578
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
CVE-2020-8589
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.