CVE-2021-27004 — Insecure Storage of Sensitive Information in Ontap System Manager

CWE-922 — Insecure Storage of Sensitive Information3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 67.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Ontap System Manager

Timeline

PublishedNov 1

Latest updateMay 24

Description

System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDnetapp/ontap_system_manager9.0 — 9.7+3

Patches

Patch: security.netapp.com ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-8qch-qwg3-vf6m: System Manager 9↗2022-05-24

▶

CVEList

CVE-2021-27004: System Manager 9↗2021-11-01

▶