CVE-2019-5505Cleartext Transmission of Sensitive Info in Ontap Select Deploy Administration Utility

CWE-319Cleartext Transmission of Sensitive InfoCWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.2%
top 63.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netapp Ontap Select Deploy Administration Utility
Timeline
PublishedSep 24
Latest updateMay 24

Description

ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5netapp/ontap_select_deploy_administration_utilityVersions 2.2 through 2.12.1

Patches

Patch: security.netapp.comPatch: security.netapp.com

🔴Vulnerability Details

2
GHSA
GHSA-86c9-m554-h9q9: ONTAP Select Deploy administration utility versions 22022-05-24
CVEList
CVE-2019-5505: ONTAP Select Deploy administration utility versions 22019-09-24
CVE-2019-5505 — CRITICAL severity | cvebase