CVE-2020-8585Link Following in Oncommand Unified Manager

CWE-59Link Following3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 65.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netapp Oncommand Unified Manager
Timeline
PublishedJan 28
Latest updateMay 24

Description

OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xg84-ch2x-h237: OnCommand Unified Manager Core Package versions prior to 52022-05-24
CVEList
CVE-2020-8585: OnCommand Unified Manager Core Package versions prior to 52021-01-28
CVE-2020-8585 — Link Following | cvebase