PT-2021-17214 · Netapp · Clustered Data Ontap
Published
2021-03-04
·
Updated
2021-03-18
·
CVE-2021-26988
CVSS v3.1
3.5
Low
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Clustered Data ONTAP versions prior to 9.3P21
Clustered Data ONTAP versions prior to 9.5P16
Clustered Data ONTAP versions prior to 9.6P12
Clustered Data ONTAP versions prior to 9.7P8
Clustered Data ONTAP versions prior to 9.8
Description:
The issue allows unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode. This includes Storage Virtual Machine (SVM) names, volume names, directory paths, and Job IDs.
Recommendations:
For versions prior to 9.3P21, update to version 9.3P21 or later.
For versions prior to 9.5P16, update to version 9.5P16 or later.
For versions prior to 9.6P12, update to version 9.6P12 or later.
For versions prior to 9.7P8, update to version 9.7P8 or later.
For versions prior to 9.8, update to version 9.8 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Clustered Data Ontap