snap_creator_framework vulnerabilities and exploits

4.3
MEDIUM
CVE-2018-11784

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated ...

6.8
MEDIUM
CVE-2016-5372

Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.

5
MEDIUM
CVE-2016-7172

NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.