NetApp Clustered Data ONTAP up to 9.3P19/9.5P14 information disclosure

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as problematic was found in NetApp Clustered Data ONTAP up to 9.3P19/9.5P14. This vulnerability affects an unknown code block of the component Data Handler. Applying the patch 9.3P20/9.5P15 is able to eliminate this problem.

Field02/04/2021 10:41 AM02/23/2021 01:10 PM
vendorNetAppNetApp
nameClustered Data ONTAPClustered Data ONTAP
version<=9.3P19/9.5P14<=9.3P19/9.5P14
componentData HandlerData Handler
cwe200 (information disclosure)200 (information disclosure)
risk11
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
identifierntap-20210201-0002ntap-20210201-0002
urlhttps://security.netapp.com/advisory/ntap-20210201-0002/https://security.netapp.com/advisory/ntap-20210201-0002/
namePatchPatch
patch_name9.3P20/9.5P159.3P20/9.5P15
cveCVE-2020-8589CVE-2020-8589
date1612393200 (02/04/2021)1612393200 (02/04/2021)
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_avAA
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_avAA
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_eXX
cvss2_vuldb_basescore2.32.3
cvss2_vuldb_tempscore2.32.0
cvss3_vuldb_basescore3.53.5
cvss3_vuldb_tempscore3.53.4
cvss3_meta_basescore3.53.5
cvss3_meta_tempscore3.53.4
price_0day$0-$5k$0-$5k
cve_assigned1580684400
cve_nvd_summaryClustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
confirm_urlhttps://security.netapp.com/advisory/ntap-20210201-0002/

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!