CVE-2016-6904

CWE-2553 documents3 sources
Severity
8.1HIGH
EPSS
0.2%
top 54.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netapp Vasa ProviderNetapp Vasa Provider FOR Clustered Data Ontap
Timeline
PublishedDec 11
Latest updateMay 14

Description

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5netapp/vasa_provider_for_clustered_data_ontapVersions prior to 7.0P1

🔴Vulnerability Details

2
GHSA
GHSA-p52f-9xgh-mjcf: Versions of VASA Provider for Clustered Data ONTAP prior to 72022-05-14
CVEList
CVE-2016-6904: Versions of VASA Provider for Clustered Data ONTAP prior to 72017-12-11
CVE-2016-6904 (HIGH CVSS 8.1) | Versions of VASA Provider for Clust | cvebase.io