exploitDog

CVE-2021-26999

Опубликовано: 06 авг. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.

Ссылки

https://security.netapp.com/advisory/NTAP-20210805-0012
Vendor Advisory
https://security.netapp.com/advisory/NTAP-20210805-0012
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netapp:cloud_manager:*:*:*:*:*:*:*:*

Версия до 3.9.9 (исключая)

EPSS

Процентиль: 45%

0.00227

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

GHSA-rjc7-5v4g-mw2w

CVSS3: 4.3

github

больше 3 лет назад

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.

EPSS

Процентиль: 45%

0.00227

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532