Directory Listing Vulnerability in NetApp Blue XP Connector
CVE-2023-27311

5.3MEDIUM

Key Information:

Vendor
Netapp
Status
Information Disclosure Vulnerability In Netapp Bluexp Connector
Vendor
CVE Published:
26 May 2023

Summary

The NetApp Blue XP Connector is affected by a vulnerability that allows unauthorized exposure of sensitive information through directory listing. Specifically, versions prior to 3.9.25 have this flaw, which can lead to potential data leaks. To mitigate this risk, users are advised to redeploy a fresh version of the Connector that incorporates the updated architecture designed to eliminate this security issue.

Affected Version(s)

Information Disclosure Vulnerability in NetApp BlueXP Connector prior to 3.9.25

References

https://security.netapp.com/advisory/ntap-20230525-0001/

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-27311 : Directory Listing Vulnerability in NetApp Blue XP Connector | SecurityVulnerability.io