Remote Data Exposure in NetApp Cloud Manager
CVE-2021-27002

7.5HIGH

Key Information:

Vendor: Netapp
Status: Cloud Manager
Vendor: CVE Published:; 11 October 2021

Summary

NetApp Cloud Manager prior to version 3.9.10 contains a vulnerability that may empower an unauthorized attacker to access sensitive information through the utilized web proxy. This flaw can lead to the unintended disclosure of confidential data, making it critical for organizations to apply updates promptly to mitigate potential risks associated with this security issue.

Affected Version(s)

Cloud Manager Versions prior to 3.9.10

References

https://security.netapp.com/advisory/ntap-20211011-0001/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2021
Vulnerability Reserved
Feb 9, 2021