PT-2020-9890 · Netapp · Oncommand System Manager

Published

2020-03-24

Updated

2020-03-26

CVE-2019-17276

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OnCommand System Manager versions 9.3 prior to 9.3P18 OnCommand System Manager versions 9.4 prior to 9.4P2

Description The issue is related to a cross-site scripting vulnerability. This could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.

Recommendations For OnCommand System Manager versions 9.3 prior to 9.3P18, update to version 9.3P18 or later. For OnCommand System Manager versions 9.4 prior to 9.4P2, update to version 9.4P2 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-17276

Affected Products

Oncommand System Manager

PT-2020-9890 · Netapp · Oncommand System Manager

CVE-2019-17276

Weakness Enumeration

Related Identifiers

Affected Products

References · 3