PT-2017-13226 · Netapp · Netapp Oncommand Unified Manager For Clustered Data Ontap

Published

2017-09-01

Updated

2017-09-06

CVE-2017-14053

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions NetApp OnCommand Unified Manager for Clustered Data ONTAP versions prior to 7.2P1

Description The issue makes it easier for remote attackers to capture an unspecified cookie by intercepting its transmission within an HTTP session, as the secure flag is not set for the cookie in an HTTPS session.

Recommendations For versions prior to 7.2P1, update to version 7.2P1 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-14053

Affected Products

Netapp Oncommand Unified Manager For Clustered Data Ontap

PT-2017-13226 · Netapp · Netapp Oncommand Unified Manager For Clustered Data Ontap

CVE-2017-14053

Weakness Enumeration

Related Identifiers

Affected Products

References · 3