CVE-2018-5481

Published: Jan 7, 2019Modified: Nov 21, 2024

7.4

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.

Affected (1)

Products: Netapp: Oncommand Unified Manager

Netapp

1 product

Oncommand Unified Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Oncommand Unified Manager	Before 5.2.4

Related CWEs

CWE-311

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (2)

https://security.netapp.com/advisory/ntap-20190104-0001/

Source: security-alert@netapp.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20190104-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.