Remote Information Disclosure in E-Series SANtricity OS by NetApp
CVE-2021-26996

7.5HIGH

Key Information:

Vendor
Netapp
Status
E-series Santricity Os Controller Software 11.x
Vendor
CVE Published:
11 June 2021

Summary

The E-Series SANtricity OS Controller Software versions prior to 11.70.1 have a vulnerability that can be exploited by a remote attacker. This flaw permits the unauthorized disclosure of system configuration and application details, potentially aiding in the execution of more complex attacks. Organizations utilizing vulnerable versions of this software are encouraged to apply the necessary updates to mitigate these risks.

Affected Version(s)

E-Series SANtricity OS Controller Software 11.x Prior to 11.70.1

References

https://security.netapp.com/advisory/NTAP-20210610-0003
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-26996 : Remote Information Disclosure in E-Series SANtricity OS by NetApp | SecurityVulnerability.io