Information Disclosure Vulnerability in NetApp Clustered Data ONTAP
CVE-2021-26988

3.5LOW

Key Information:

Vendor
Netapp
Status
Clustered Data Ontap
Vendor
CVE Published:
4 March 2021

Summary

Certain versions of NetApp's Clustered Data ONTAP are vulnerable to a security flaw that could enable unauthorized users to gain access to sensitive information. This vulnerability allows tenant users to uncover critical details such as Storage Virtual Machine (SVM) names, volume names, directory paths, and Job IDs when converting a 7-Mode directory to Cluster-mode. Organizations using affected versions are encouraged to update to secure releases to mitigate the risk of exposure.

Affected Version(s)

Clustered Data ONTAP Prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8

References

https://security.netapp.com/advisory/NTAP-20210303-0001
x_refsource_MISC

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-26988 : Information Disclosure Vulnerability in NetApp Clustered Data ONTAP | SecurityVulnerability.io