Severity: 4.3 MEDIUM
EPSS: 0.2% (top 54.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 6
Latest update: May 24

Description

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | netapp_cloud_manager | Prior to 3.9.9

Vulnerability Details (2)

GHSA
GHSA-rjc7-5v4g-mw2w: NetApp Cloud Manager versions prior to 3 | 2022-05-24
CVEList
CVE-2021-26999: NetApp Cloud Manager versions prior to 3 | 2021-08-06
CVE-2021-26999 (MEDIUM CVSS 4.3) | NetApp Cloud Manager versions prior | cvebase.io