Data Exposure Risk in Clustered Data ONTAP by NetApp
CVE-2020-8589

3.5LOW

Key Information:

Vendor
Netapp
Status
Clustered Data Ontap
Vendor
CVE Published:
3 February 2021

Summary

NetApp's Clustered Data ONTAP prior to versions 9.3P20 and 9.5P15 contains a vulnerability that can be exploited by unauthorized tenant users. This could lead to potential exposure of names of other Storage Virtual Machines (SVMs) and the files contained within those SVMs, increasing the risk of data leakage and unauthorized access.

Affected Version(s)

Clustered Data ONTAP Versions prior to 9.3P20 and 9.5P15

References

https://security.netapp.com/advisory/ntap-20210201-0002/
x_refsource_CONFIRM

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-8589 : Data Exposure Risk in Clustered Data ONTAP by NetApp | SecurityVulnerability.io