PT-2017-8320 · Netapp · Netapp Oncommand System Manager

Published

2017-02-07

Updated

2017-11-16

CVE-2016-3063

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NetApp OnCommand System Manager versions prior to 8.3.2

Description The issue concerns multiple functions in the software that do not properly escape special characters. This allows remote authenticated users to execute arbitrary API calls, potentially leading to unauthorized actions.

Recommendations For versions prior to 8.3.2, update to version 8.3.2 or later to resolve the issue.

Fix

Improper Encoding or Escaping of Output

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116

Related Identifiers

CVE-2016-3063

Affected Products

Netapp Oncommand System Manager

PT-2017-8320 · Netapp · Netapp Oncommand System Manager

CVE-2016-3063

Weakness Enumeration

Related Identifiers

Affected Products

References · 4