Arbitrary File Inclusion in NetApp OnCommand System Manager
CVE-2013-3321

7.5HIGH

Key Information:

Vendor: Netapp
Status: Oncommand System Manager
Vendor: CVE Published:; 29 January 2020

Summary

NetApp OnCommand System Manager versions 2.1 and earlier are susceptible to an arbitrary file inclusion vulnerability. This can be exploited by remote attackers through crafted requests to the 'diagnostic' page, specifically manipulating the SnapMirror log path parameter. This flaw could potentially allow unauthorized access to sensitive information, posing a significant risk to system integrity and confidentiality.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/84062

vdb-entryx_refsource_XF

https://www.securityfocus.com/archive/1/526552

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2020
Vulnerability Reserved
May 2, 2013