Main Vulnerability Database Vulnerabilities #VU38942

Information disclosure in OnCommand Unified Manager Core Package - CVE-2017-7439

Published: May 26, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38942

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-7439

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: NetApp

Affected software:
OnCommand Unified Manager Core Package

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.

How to mitigate CVE-2017-7439

Install update from vendor's website.

Sources

https://kb.netapp.com/support/s/article/NTAP-20170517-0002

Information disclosure in OnCommand Unified Manager Core Package - CVE-2017-7439

Detailed vulnerability description

How to mitigate CVE-2017-7439

Sources

Please verify you're human