Information Disclosure Vulnerability in NetApp SANtricity OS Controller Software
CVE-2020-8577

5.9MEDIUM

Key Information:

Vendor: Netapp
Status: E-series Santricity Os Controller Software
Vendor: CVE Published:; 6 November 2020

Summary

The SANtricity OS Controller Software by NetApp is affected by a vulnerability that allows an attacker to intercept and potentially access sensitive information transmitted during HTTPS sessions. This issue arises in versions 11.50.1 and newer, emphasizing the importance of secure transmission protocols to safeguard confidential data. Users are urged to review their configurations and apply recommended security practices to mitigate the risk of unauthorized information access.

Affected Version(s)

E-Series SANtricity OS Controller Software 11.50.1 and higher

References

https://security.netapp.com/advisory/ntap-20201105-0001/

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2020
Vulnerability Reserved
Feb 3, 2020