Oncommand unified manager

This hub aggregates every CVE we track for Oncommand unified manager, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Oncommand unified manager.

• CVE-2020-8585OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).5.5Jan 28, 2021
• CVE-2020-14803Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticat...5.3Oct 21, 2020
• CVE-2020-14792Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261...4.2Oct 21, 2020
• CVE-2020-14796Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u2...3.1Oct 21, 2020
• CVE-2020-14798Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u2...3.1Oct 21, 2020
• CVE-2020-14797Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u2...3.7Oct 21, 2020
• CVE-2019-18276An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by set...7.8Nov 28, 2019
• CVE-2019-5482Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.9.8Sep 16, 2019
• CVE-2019-5443A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine"...7.8Jul 2, 2019
• CVE-2019-5495OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information v...7.5May 10, 2019
• CVE-2019-5494OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.7.5May 10, 2019
• CVE-2019-0211In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scr...KEV7.8Apr 8, 2019
• CVE-2019-0217In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another use...7.5Apr 8, 2019
• CVE-2019-9898Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.9.8Mar 21, 2019
• CVE-2019-9897Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.7.5Mar 21, 2019