What are you looking for ?
Advertise with us
Advertise with us

NetApp Security Advisory CVE-2021-27002 Sensitive Information Disclosure Vulnerability in Cloud Manager

Versions prior to 3.9.10 are susceptible to vulnerability which could allow remote unauthenticated attacker to retrieve sensitive data via web proxy.

NetApp, Inc. has published a security advisory concerning a sensitive information disclosure vulnerability in NetApp Cloud Manager.

This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp.

Advisory ID: NTAP-20211011-0001

Version: 1.0

Last updated: 10/11/2021

Status: Final.

CVEs: CVE-2021-27002

Summary
Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.

After upgrading existing Cloud Manager installations to a fixed version run the command ‘yum remove squid -y’ to uninstall the web proxy.

Fresh installations of fixed versions of Cloud Manager do not include the web proxy.

Impact
Successful exploitation of this vulnerability could lead to disclosure of sensitive information.

Vulnerability scoring details

CVE Score Vector
CVE-2021-27002 7.5 (HIGH) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation and public announcements
The company is aware of public discussion of this vulnerability.

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E