CVE-2016-3063

CWE-1163 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Oncommand System Manager

Timeline

PublishedFeb 7

Latest updateMay 17

Description

Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

▶NVDnetapp/oncommand_system_manager8.3.1

Patches

Patch: kb.netapp.com ↗Patch: kb.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-gwgr-xqcv-px29: Multiple functions in NetApp OnCommand System Manager before 8↗2022-05-17

▶

CVEList

CVE-2016-3063: Multiple functions in NetApp OnCommand System Manager before 8↗2017-02-07

▶