CVE-2024-21982
Published Jan 12, 2024
Last updated 10 months ago
Overview
- Description
- ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.
- Source
- security-alert@netapp.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1AAAB2B-2589-4946-BBDD-A873D19326F2",
"versionEndExcluding": "9.8",
"versionStartIncluding": "9.4"
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.8:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ABBF729-6A69-4CEC-9B3E-735C45D3069E"
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.9.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A6A96D7-45B2-46BE-8894-6DC3F565A8A4"
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.10.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21C64ED1-485F-4CCF-8114-70B2987B6674"
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.11.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FA41D1E-1184-448E-A5E4-7F8FDAACC638"
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.12.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E7FAAAB-2BE5-4173-8CC6-669A9D29D446"
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.13.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3D704DC8-A679-4293-81CE-70F4FEE89530"
}
],
"operator": "OR"
}
]
}
]