Unauthorized Data Discovery in NetApp Clustered Data ONTAP
CVE-2020-8588

3.5LOW

Key Information:

Vendor
Netapp
Status
Clustered Data Ontap
Vendor
CVE Published:
3 February 2021

Summary

The vulnerability in Clustered Data ONTAP affects versions prior to 9.3P20 and 9.5P15, allowing unauthorized tenant users to detect the presence of data on other Storage Virtual Machines (SVMs). This could lead to information leakage and potential privacy violations, as malicious users might gain insights into sensitive data residing in distinct SVMs without proper authorization.

Affected Version(s)

Clustered Data ONTAP Versions prior to 9.3P20 and 9.5P15

References

https://security.netapp.com/advisory/ntap-20210201-0001/
x_refsource_CONFIRM

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-8588 : Unauthorized Data Discovery in NetApp Clustered Data ONTAP | SecurityVulnerability.io