CVE-2017-15518

Published: Feb 23, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.

Affected (5)

Products: Netapp: Oncommand Api Services, Service Level Manager

Netapp

2 products

Oncommand Api Services

Service Level Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Netapp Oncommand Api Services	Up to 2.0
Netapp Service Level Manager	Up to 1.0
Netapp Service Level Manager	Version 1.0 rc1
Netapp Service Level Manager	Version 1.0 rc2
Netapp Service Level Manager	Version 1.0 rc3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://security.netapp.com/advisory/NTAP-20180223-0001/

Source: security-alert@netapp.com

Vendor Advisory

https://security.netapp.com/advisory/NTAP-20180223-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.