Data Disclosure Vulnerability in Clustered Data ONTAP by NetApp
CVE-2020-8578

3.3LOW

Key Information:

Vendor
Netapp
Status
Clustered Data Ontap
Vendor
CVE Published:
8 February 2021

Summary

Clustered Data ONTAP prior to version 9.3P20 has a vulnerability that allows attackers to obtain sensitive node names from AutoSupport bundles, even when private data removal is intended. This flaw poses potential risks to data security and integrity, enabling unauthorized disclosure of critical information.

Affected Version(s)

Clustered Data ONTAP Versions prior to 9.3P20

References

https://security.netapp.com/advisory/NTAP-20210208-0002/
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-8578 : Data Disclosure Vulnerability in Clustered Data ONTAP by NetApp | SecurityVulnerability.io