Data Exposure Vulnerability in NetApp Clustered Data ONTAP by NetApp
CVE-2017-12423

7.7HIGH

Key Information:

Vendor: Netapp
Status: Clustered Data Ontap
Vendor: CVE Published:; 1 September 2017

Summary

A vulnerability exists in NetApp Clustered Data ONTAP versions prior to 8.3.2P12 that enables remote authenticated users to access and read sensitive data from other Storage Virtual Machines (SVMs). This issue arises from unspecified vectors, compromising the integrity and confidentiality of the data contained within a multi-tenant environment.

References

https://kb.netapp.com/support/s/article/NTAP-20170831-0002

x_refsource_CONFIRM

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 1, 2017
Vulnerability Reserved
Aug 4, 2017