exploitDog

CVE-2017-8919

Опубликовано: 25 июл. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors.

Ссылки

http://www.securityfocus.com/bid/99957
Third Party Advisory
VDB Entry
https://kb.netapp.com/support/s/article/ka51A0000008Spy/NTAP-20170718-0001
Vendor Advisory
http://www.securityfocus.com/bid/99957
Third Party Advisory
VDB Entry
https://kb.netapp.com/support/s/article/ka51A0000008Spy/NTAP-20170718-0001
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netapp:oncommand_api_services:*:*:*:*:*:*:*:*

Версия до 1.2 (включая)

EPSS

Процентиль: 44%

0.00213

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-wc85-c4qp-j929

CVSS3: 6.5

github

больше 3 лет назад

NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors.

EPSS

Процентиль: 44%

0.00213

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo