Cookie Security Flaw in NetApp OnCommand Unified Manager for Clustered Data ONTAP
CVE-2017-14053

7.5HIGH

Key Information:

Vendor: Netapp
Status: Oncommand Unified Manager For Clustered Data Ontap
Vendor: CVE Published:; 1 September 2017

What is CVE-2017-14053?

The NetApp OnCommand Unified Manager for Clustered Data ONTAP before version 7.2P1 fails to set the secure flag for a specific cookie used in HTTPS sessions. This oversight allows remote attackers to capture the cookie unencrypted by intercepting its transmission during HTTP sessions, potentially compromising sensitive session information. Affected users should upgrade to the latest version to mitigate this risk.

References

https://kb.netapp.com/support/s/article/NTAP-20170831-0001

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2017
Vulnerability Reserved
Aug 31, 2017

Netapp

What is CVE-2017-14053?

References

CVSS V3.1

Timeline