PT-2019-10986 · Netapp · Netapp Snapcenter Server

Published

2019-03-04

Updated

2019-10-03

CVE-2018-5482

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: NetApp SnapCenter Server versions prior to 4.1

Description: The issue concerns the transmission of a sensitive cookie in plain text over an unencrypted channel due to the lack of a secure flag in an HTTPS session.

Recommendations: For versions prior to 4.1, update to version 4.1 or later to resolve the issue.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2018-5482

Affected Products

Netapp Snapcenter Server

PT-2019-10986 · Netapp · Netapp Snapcenter Server

CVE-2018-5482

Weakness Enumeration

Related Identifiers

Affected Products

References · 4