Sensitive Information Exposure in NetApp Cloud Manager
CVE-2021-26999

4.3MEDIUM

Key Information:

Vendor
Netapp
Status
Netapp Cloud Manager
Vendor
CVE Published:
6 August 2021

Summary

NetApp Cloud Manager versions prior to 3.9.9 exhibit a vulnerability that logs sensitive information when an Active Directory connection fails. This logged data is accessible exclusively to authenticated users. Organizations utilizing auto-upgrade should have already transitioned to a secure version, while those employing on-prem connectors with auto-upgrade turned off must promptly upgrade to ensure protection against this exposure.

Affected Version(s)

NetApp Cloud Manager Prior to 3.9.9

References

https://security.netapp.com/advisory/NTAP-20210805-0012
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-26999 : Sensitive Information Exposure in NetApp Cloud Manager | SecurityVulnerability.io