Insecure Cross-Origin Resource Sharing Policy in Cloud Manager by NetApp
CVE-2021-26991

7.5HIGH

Key Information:

Vendor: Netapp
Status: Cloud Manager
Vendor: CVE Published:; 19 March 2021

What is CVE-2021-26991?

Cloud Manager versions preceding 3.9.4 are affected by a flawed Cross-Origin Resource Sharing (CORS) policy. This vulnerability enables remote attackers to execute unauthorized interactions with the Cloud Manager, potentially compromising the security and functionality of the affected product. Users are advised to upgrade to the latest version to mitigate any risks associated with this issue.

Affected Version(s)

Cloud Manager Prior to 3.9.4

References

https://security.netapp.com/advisory/NTAP-20210318-0002

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2021
Vulnerability Reserved
Feb 9, 2021

Netapp

What is CVE-2021-26991?

Affected Version(s)

References

CVSS V3.1

Timeline