PT-2019-10985 · Netapp · Oncommand Unified Manager For 7-Mode

Published

2019-01-07

Updated

2019-10-03

CVE-2018-5481

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.4

Description: The issue allows for impersonation via man-in-the-middle (MITM) attacks due to the lack of the secure attribute in cookies under certain circumstances.

Recommendations: For versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2018-5481

Affected Products

Oncommand Unified Manager For 7-Mode

PT-2019-10985 · Netapp · Oncommand Unified Manager For 7-Mode

CVE-2018-5481

Weakness Enumeration

Related Identifiers

Affected Products

References · 3