PT-2021-12802 · Netapp · Netapp Clustered Data Ontap

Published

2021-02-08

Updated

2021-02-12

CVE-2020-8590

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: NetApp Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12

Description: The issue allows an attacker to discover node names via AutoSupport bundles even when the remove-private-data parameter is set to true. This could potentially expose sensitive information.

Recommendations: For versions prior to 9.1P18, update to version 9.1P18 or later. For versions prior to 9.3P12, update to version 9.3P12 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-8590

Affected Products

Netapp Clustered Data Ontap

PT-2021-12802 · Netapp · Netapp Clustered Data Ontap

CVE-2020-8590

Related Identifiers

Affected Products

References · 4