API Injection Vulnerability in NetApp OnCommand System Manager
CVE-2016-3063
7.5 HIGH
Summary
Multiple functions in NetApp OnCommand System Manager prior to version 8.3.2 possess a flaw in character escaping, allowing remote authenticated users to execute arbitrary API calls. This vulnerability exposes the system to potential malicious actions through unauthorized access to API functionalities, which may compromise the integrity and confidentiality of the system.
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved