CVE-2019-5503

Published: Sep 10, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

Affected (1)

Products: Netapp: Oncommand Workflow Automation

Netapp

1 product

Oncommand Workflow Automation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Oncommand Workflow Automation	Version 5.0

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://security.netapp.com/advisory/ntap-20190909-0001/

Source: security-alert@netapp.com

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190909-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.