PT-2019-10985 · Netapp · Oncommand Unified Manager For 7-Mode

Publicado

2019-01-07

·

Atualizado

2019-10-03

·

CVE-2018-5481

CVSS v3.1

7.4

Alta

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.4
Description: The issue allows for impersonation via man-in-the-middle (MITM) attacks due to the lack of the secure attribute in cookies under certain circumstances.
Recommendations: For versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue.

Correção

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311

Identificadores relacionados

CVE-2018-5481

Produtos afetados

Oncommand Unified Manager For 7-Mode