Database Password Exposure in OnCommand API Services and NetApp Service Level Manager
CVE-2017-15518

7.8HIGH

Key Information:

Vendor: Netapp
Status: Oncommand Api Services And Netapp Service Level Manager
Vendor: CVE Published:; 23 February 2018

What is CVE-2017-15518?

The vulnerability allows all versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 to log a privileged database user account password. This could lead to unauthorized access and potential security breaches. Users are advised to upgrade to fixed versions, as the affected password is automatically changed during any upgrade or installation process, mitigating the need for further action.

Affected Version(s)

OnCommand API Services and NetApp Service Level Manager Versions prior to 2.1 and 1.0RC4

References

https://security.netapp.com/advisory/NTAP-20180223-0001/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 23, 2018
Vulnerability Reserved
Oct 17, 2017

Netapp

What is CVE-2017-15518?

Affected Version(s)

References

CVSS V3.1

Timeline