LDAP Authentication Vulnerability in NetApp OnCommand Unified Manager
CVE-2017-7568

5.3MEDIUM

Key Information:

Vendor
Netapp
Status
Oncommand Unified Manager For 7-mode (core Package)
Vendor
CVE Published:
22 June 2018

Summary

An information disclosure vulnerability exists in NetApp's OnCommand Unified Manager for 7-Mode prior to version 5.2.3. This vulnerability allows authenticated users to access sensitive LDAP account information when testing the LDAP authentication within the user interface. Such exposure can lead to unauthorized account access and requires immediate remediation to secure user data and system integrity.

Affected Version(s)

OnCommand Unified Manager for 7-Mode (core package) Versions below 5.2.3

References

https://security.netapp.com/advisory/ntap-20180621-0001/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104536
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-7568 : LDAP Authentication Vulnerability in NetApp OnCommand Unified Manager | SecurityVulnerability.io