CVE-2022-23241

Published: Oct 19, 2022Modified: May 9, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period.

Affected (3)

Products: Netapp: Clustered Data Ontap

1 product

Clustered Data Ontap

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	Version 9.11.1
Netapp Clustered Data Ontap	Version 9.11.1 p2
Netapp Clustered Data Ontap	Version 9.11.1 rc1

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://security.netapp.com/advisory/ntap-20221017-0001/

Source: security-alert@netapp.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20221017-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.