Content Security Policy Gap in SnapCenter by NetApp
CVE-2022-38732

7.5HIGH

Key Information:

Vendor: Netapp
Status: Snapcenter
Vendor: CVE Published:; 29 September 2022

Summary

SnapCenter versions prior to 4.7 are vulnerable due to the absence of a Content Security Policy (CSP). This oversight may expose users to various types of attacks that could have been otherwise mitigated through proper security measures. Implementing a CSP is essential for safeguarding web applications against cross-site scripting (XSS) and other injection attacks, emphasizing the importance of keeping software up-to-date to strengthen security defenses.

Affected Version(s)

SnapCenter prior to 4.7

References

https://security.netapp.com/advisory/NTAP-20220926-0001/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2022
Vulnerability Reserved
Aug 24, 2022