CVE-2021-27003 — UI Misrepresentation / Clickjacking in Clustered Data Ontap

CWE-1021 — UI Misrepresentation / Clickjacking3 documents3 sources

Severity

4.7MEDIUMNVD

EPSS

0.2%

top 56.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Clustered Data Ontap

Timeline

PublishedOct 12

Latest updateMay 24

Description

Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDnetapp/clustered_data_ontap< 9.5+4

▶CVEListV5netapp/clustered_data_ontapVersions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1

🔴Vulnerability Details

GHSA

GHSA-xww2-w37x-3jh9: Clustered Data ONTAP versions prior to 9↗2022-05-24

▶

CVEList

CVE-2021-27003: Clustered Data ONTAP versions prior to 9↗2021-10-12

▶