Sensitive Information Exposure in NetApp Cloud Manager
CVE-2021-26998

4.3MEDIUM

Key Information:

Vendor
Netapp
Status
Netapp Cloud Manager
Vendor
CVE Published:
6 August 2021

Summary

NetApp Cloud Manager versions prior to 3.9.9 expose sensitive information in logs, which are accessible to authenticated users. This vulnerability necessitates immediate upgrades for users, particularly those utilizing on-prem connectors with auto-upgrade disabled, to a secure version to prevent unauthorized access to sensitive log data.

Affected Version(s)

NetApp Cloud Manager Prior to 3.9.9

References

https://security.netapp.com/advisory/NTAP-20210805-0011
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-26998 : Sensitive Information Exposure in NetApp Cloud Manager | SecurityVulnerability.io