Cross-Site Scripting Flaw in OnCommand System Manager by NetApp
CVE-2019-17276

5.4MEDIUM

Key Information:

Vendor: Netapp
Status: Oncommand System Manager 9.x
Vendor: CVE Published:; 24 March 2020

Summary

OnCommand System Manager versions prior to 9.3P18 and 9.4P2 exhibit a cross-site scripting vulnerability, allowing an authenticated attacker to inject malicious scripts through the SNMP Community Names label field. This can potentially compromise the security of the affected system, leading to unauthorized actions or data breaches.

Affected Version(s)

OnCommand System Manager 9.x 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2

References

https://security.netapp.com/advisory/ntap-20200323-0001/

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 24, 2020
Vulnerability Reserved
Oct 7, 2019