PT-2017-18623 · Netapp · Netapp Oncommand Api Services

Published

2017-07-25

Updated

2021-05-11

CVE-2017-8919

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions NetApp OnCommand API Services versions prior to 1.2P3

Description The issue allows remote authenticated users to obtain sensitive password information. This occurs because the LDAP BIND password is logged when a user attempts to log in using the REST API.

Recommendations For versions prior to 1.2P3, update to version 1.2P3 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-8919

Affected Products

Netapp Oncommand Api Services

PT-2017-18623 · Netapp · Netapp Oncommand Api Services

CVE-2017-8919

Related Identifiers

Affected Products

References · 4