Описание
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 9.5 (исключая)Версия до 9.5 (исключая)Версия до 9.5 (исключая)
Одно из
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 52%
0.00291
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-254
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
EPSS
Процентиль: 52%
0.00291
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-254