Cross-Site Scripting Vulnerability in NetApp SnapCenter Server
CVE-2017-15515

4.8MEDIUM

Key Information:

Vendor: Netapp
Status: Snapcenter Server
Vendor: CVE Published:; 4 March 2019

Summary

NetApp SnapCenter Server before version 4.0 is vulnerable to cross-site scripting (XSS) attacks, which may allow an attacker with privileged access to inject malicious scripts into the custom secondary policy label field. This opens the door for exploitation, potentially leading to unauthorized actions or data compromise. It is crucial for users to update to patched versions to mitigate this risk.

Affected Version(s)

SnapCenter Server Versions prior to 4.0

References

http://www.securityfocus.com/bid/107272

vdb-entryx_refsource_BID

https://security.netapp.com/advisory/ntap-20190304-0002/

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 4, 2019
Vulnerability Reserved
Oct 17, 2017