CVE-2018-5497 — Sensitive Information Exposure in Clustered Data Ontap

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 65.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Clustered Data Ontap

Timeline

PublishedJan 24

Latest updateJun 30

Description

Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶NVDnetapp/clustered_data_ontap9.1+3

▶CVEListV5netapp/clustered_data_ontapVersions prior to 9.1P16, 9.3P10 and 9.4P5

🔴Vulnerability Details

OSV

libjpeg6b vulnerabilities↗2022-06-30

▶

GHSA

GHSA-v9qv-w9qh-hrj7: Clustered Data ONTAP versions prior to 9↗2022-05-14

▶

CVEList

CVE-2018-5497: Clustered Data ONTAP versions prior to 9↗2019-01-24

▶

💥Exploits & PoCs

Exploit-DB

TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure↗2018-10-17

▶