CVE-2018-5497

Published: Jan 24, 2019Modified: Nov 21, 2024

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.

Affected (18)

Products: Netapp: Clustered Data Ontap

Netapp

1 product

Clustered Data Ontap

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	Up to 9.1
Netapp Clustered Data Ontap	Version 9.1 p10
Netapp Clustered Data Ontap	Version 9.1 p11
Netapp Clustered Data Ontap	Version 9.1 p12
Netapp Clustered Data Ontap	Version 9.1 p13
Netapp Clustered Data Ontap	Version 9.1 p14
Netapp Clustered Data Ontap	Version 9.1 p15
Netapp Clustered Data Ontap	Version 9.1 p2
Netapp Clustered Data Ontap	Version 9.1 p3
Netapp Clustered Data Ontap	Version 9.1 p4
Netapp Clustered Data Ontap	Version 9.1 p5
Netapp Clustered Data Ontap	Version 9.1 p6
Netapp Clustered Data Ontap	Version 9.1 p7
Netapp Clustered Data Ontap	Version 9.1 p8
Netapp Clustered Data Ontap	Version 9.1 p9
Netapp Clustered Data Ontap	Version 9.1 rc1
Netapp Clustered Data Ontap	Version 9.3 p10
Netapp Clustered Data Ontap	Version 9.4 p5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://security.netapp.com/advisory/ntap-20190109-0001/

Source: security-alert@netapp.com

Issue TrackingVendor Advisory

https://security.netapp.com/advisory/ntap-20190109-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.