CVE-2021-26997Information Exposure via Error Message in E-series Santricity OS Controller

CWE-209Information Exposure via Error Message3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 36.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netapp E-series Santricity OS Controller
Timeline
PublishedJun 11
Latest updateMay 24

Description

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-p74c-jf66-6rw3: E-Series SANtricity OS Controller Software 112022-05-24
CVEList
CVE-2021-26997: E-Series SANtricity OS Controller Software 112021-06-11
CVE-2021-26997 — Information Exposure via Error Message | cvebase