Security Vulnerabilities (formerly scanner results)

Bulletin ID: NTAP-SB-20211028-0001 Version:1.0 Last Updated: 20211028

Applies To

All NetApp products

NOTE: This content formerly existed as a Knowledgebase article.

  • NetApp takes the security of our products very seriously and is committed to resolving vulnerabilities to meet the needs of our users and the broader technology community.
  • As a result of a continually changing threat landscape, NetApp is updating its Product Security Vulnerability Handling and Response Policy.
  • NetApp has stopped maintaining the static tables that previously existed on the Scanner Results Knowledgebase article page.
  • Recognizing that users are still interested in information related to potential security vulnerabilities, Common Vulnerability Exposure (CVE) identifiers are searchable in our Bug Tools, Knowledgebase, and Support sites.
  • Our current Security policy is available for review on the NetApp Security landing page: https://security.netapp.com/

Current Advisory and Notice Documents

  • This page will not be updated for new CVE IDs.
  • Security advisories for announced vulnerabilities can be located here: https://security.netapp.com/advisory/
  • The Support and Security Advisory sites should become the first stop when searching for CVE IDs impacting NetApp products.
  • The following are tables that can help you understand legacy security vulnerabilities related to NetApp products that third-party security scanners might report.
  • TABLE A describes CVE IDs that identify security vulnerabilities applicable to a NetApp product.
  • TABLE B describes CVE IDs that identify security vulnerabilities that might be reported by vulnerability scanners.
  • These vulnerabilities constitute ‘false positives’ reported by vulnerability scanners for user-shipped releases and thus are not believed to represent security exposures for the NetApp products.
  • The columns display the CVE number and the NetApp bug tracking number (referred to as a tracking ID on other security pages) where possible, or a title where a bug tracking number is not available.
  • It is strongly recommended that end users implement layers of security following security best-practices, including running antivirus tools on the data.
  • NetApp storage systems function like file systems to any attached clients.
  • While NetApp products might not propagate a given issue, the files and other data objects stored on a NetApp storage system can still be affected by an infected client.
TABLE A: Applicable CVE IDs
  • The listed CVE IDs might have been applicable to at least one release of Data ONTAP.
  • The Public Report for the provided bug tracking number will show the first ‘fixed release’ when the suspected vulnerability was remediated as well as the subsequent releases that are not subject to the identified vulnerability.
Data ONTAP
CVE ID Bug ID
CVE-2005-2969 172506
CVE-2006-4339 267478
CVE-2008-5077 369977
CVE-2008-4609 380197
CVE-2009-3555 386217
CVE-2009-4146, CVE-2009-4147 390420
CVE-2009-3563 394167
CVE-2004-2761 397514
CVE-2008-5161 424122
CVE-2006-0225 457316
CVE-2004-0230 489610
CVE-1999-0524 531251
CVE-2011-3210 536724
CVE-2007-1536 573253
CVE-2007-3798 573282
CVE-2008-3890 573287
CVE-2006-7243, CVE-2010-1128, CVE-2010-1129, CVE-2010-1130, CVE-2010-2094, CVE-2010-2950, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4150, CVE-2010-4156, CVE-2010-4409, CVE-2010-4645, CVE-2010-4697, CVE-2010-4698, CVE-2010-4699, CVE-2010-4700, CVE-2011-0421, CVE-2011-0708, CVE-2011-0753, CVE-2011-0754, CVE-2011-0755, CVE-2011-1092, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-3268, CVE-2011-4566, CVE-2012-0057, CVE-2012-0781, CVE-2012-0788, CVE-2012-0789, CVE-2011-4885, CVE-2012-3365, CVE-2012-2688, CVE-2012-1823, CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-1917, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065 578043
CVE-2006-5794 578973
CVE-2012-2110 602118
CVE-2012-1165 622256
CVE-2013-0169, CVE-2013-0166, CVE-2012-2333, CVE-2012-2131, CVE-2012-2110, CVE-2012-0884, CVE-2012-0050, CVE-2011-4619, CVE-2011-4577, CVE-2011-4576, CVE-2011-4109, CVE-2011-4108, CVE-2011-0014, CVE-2010-4252, CVE-2010-4180, CVE-2010-3864, CVE-2010-2939, CVE-2010-0742 677047
CVE-2005-2969 698797
CVE-2011-1473 707019
Management Tools and Client Products
CVE ID Bug ID
CVE-2004-0942, CVE-2005-2728 247972
CVE-2007-6203 275836
CVE-2009-3555 481527
CVE-2009-3720, CVE-2009-3560, CVE-2010-1623, CVE-2010-2068, CVE-2010-1452, CVE-2010-0425, CVE-2010-0434, CVE-2010-0408, CVE-2009-3094, CVE-2009-3095, CVE-2009-2699, CVE-2009-2412, CVE-2009-1890, CVE-2009-1191, CVE-2009-1891, CVE-2009-1195, CVE-2008-0456, CVE-2009-1956, CVE-2009-1955, CVE-2009-0023 487642
CVE-2010-4476 494500
CVE-2010-4476 494539
CVE-2010-4476 497845
CVE-2010-4476 500839
CVE-2011-0419, CVE-2011-3192, CVE-2011-3348 532848
CVE-2010-4476 586066
CVE-2012-0021, CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0031, CVE-2012-0053, CVE-2011-3192, CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956, CVE-2009-1890 590689
CVE-2012-0884 597187
CVE-2012-2131 602441
CVE-2012-1165 641032
CVE-2013-3320 654355
CVE-2013-3321 654357
CVE-2013-3322 654360
CVE-2013-0169 677043
CVE-2014-0098, CVE-2013-6438, CVE-2013-4365, CVE-2013-2249, CVE-2013-2765, CVE-2013-1896, CVE-2013-1862, CVE-2012-3499, CVE-2012-4558, CVE-2012-0883, CVE-2012-2687, CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2012-4557, CVE-2011-3348, CVE-2011-3192 758123
TABLE B: False-Positive and Never Applicable CVE IDs

These CVE IDs are either ‘false positives’ reported by vulnerability scanners or were never applicable to user-shipping versions of the respective NetApp products.

Data ONTAP
CVE ID Bug ID
CVE-2000-0666 706057
CVE-2000-0800 746293
CVE-2005-2798 235607
CVE-2006-0225 415006
CVE-2006-0900 422926
CVE-2004-0175 424117
CVE-2007-4752 424118
CVE-2008-1483 424119
CVE-2008-3259 424121
CVE-2003-0190 424123
CVE-2009-1890 440854
CVE-2010-0434 440857
CVE-2010-3069 447837
CVE-2005-1849 467614
CVE-2011-0546 509858
CVE-2012-0027, CVE-2011-4577, CVE-2011-4109, CVE-2011-4108 563327
CVE-2012-0050 567553
CVE-2003-1562 568939
CVE-2006-0883 568947
CVE-2011-4313 574704
CVE-2011-1910 574731
CVE-2006-4925 578971
CVE-1999-0625 597184
CVE-2012-1182 599236
CVE-2012-2110 600349
CVE-2008-1657 603940
CVE-2011-4327 634723
CVE-2013-2686, CVE-2013-0169 677042
CVE-2013-0166 685330
CVE-2004-0079 698728
CVE-2004-0112 698791
CVE-2004-0975 698792
CVE-2008-0891 698802
CVE-2009-0590 698808
CVE-2009-0591 698810
CVE-2009-3245 698837
CVE-2009-4355 698842
CVE-2010-0433 698847
CVE-2010-0742 698849
CVE-2010-1633 698850
CVE-2011-3207 698858
CVE-2010-1452 699180
CVE-2010-2068 699182
CVE-2007-2243 751099
CVE-2000-1200 790912
CVE-2006-5794 824674
CVE-2006-4925 824687
Management Tools and Client Products
CVE ID Bug ID
CVE-2011-0419 530008
CVE-2012-3499, CVE-2012-4558 701918