PT-2022-15916 · NetApp · Clustered Data ONTAP

Published: 2022-10-19 · Updated: 2025-05-09 · CVE-2022-23241

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Clustered Data ONTAP versions 9.11.1 through 9.11.1P2

Description: The issue allows an authenticated remote attacker to arbitrarily modify or delete WORM data before the end of the retention period, specifically in configurations that use SnapLock with FlexGroups.

Recommendations: For Clustered Data ONTAP versions 9.11.1 through 9.11.1P2, consider restricting access to SnapLock-configured FlexGroups until a patch is available. As a temporary workaround, limit the privileges of authenticated remote users so that they cannot modify or delete WORM data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2022-23241

Affected Products: Clustered Data ONTAP