Database Password Exposure in OnCommand API Services and NetApp Service Level Manager
CVE-2017-15518

7.8 HIGH

Key Information:

Vendor: NetApp
CVE Published: 23 February 2018

Summary

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log the password of a privileged database user account. This could lead to unauthorized access and potential security breaches. Users are advised to upgrade to a fixed version; the affected password is changed automatically during any upgrade or installation, so no further action is needed.

Affected Version(s)

OnCommand API Services versions prior to 2.1 and NetApp Service Level Manager versions prior to 1.0RC4

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
