CVE-2019-17276

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.4%

top 42.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Oncommand System Manager

Timeline

PublishedMar 24

Latest updateMay 24

Description

OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5oncommand_system_manager_9.x9.3 prior to 9.3P18 and 9.4 prior to 9.4P2

▶NVDnetapp/oncommand_system_manager9.3, 9.4+1

🔴Vulnerability Details

GHSA

GHSA-fq45-m72f-vr3x: OnCommand System Manager versions 9↗2022-05-24

▶

CVEList

CVE-2019-17276: OnCommand System Manager versions 9↗2020-03-24

▶