NetApp Security Advisory CVE-2021-27002 Sensitive Information Disclosure Vulnerability in Cloud Manager
Versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.
This is a Press Release edited by StorageNewsletter.com on October 20, 2021 at 2:01 pm
NetApp, Inc. has published a security advisory concerning a sensitive information disclosure vulnerability in NetApp Cloud Manager.
This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp.
Advisory ID: NTAP-20211011-0001
Version: 1.0
Last updated: 10/11/2021
Status: Final.
CVEs: CVE-2021-27002
Summary
Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.
After upgrading existing Cloud Manager installations to a fixed version, run the command 'yum remove squid -y' to uninstall the web proxy.
Fresh installations of fixed versions of Cloud Manager do not include the web proxy.
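One way to confirm the uninstall step took effect on an upgraded host, as an added example that is not part of the NetApp advisory: it classifies the output of `rpm -q squid` and `ss -ltnp` and reports whether the proxy package or a leftover squid listener remains. The function names and sample data are constructed, and port 3128 in the sample is squid's default rather than a value from the advisory.

```shell
#!/bin/sh
# Added example, not NetApp code. All sample data below is constructed.
SAMPLE_RPM_BEFORE='squid-3.5.20-1.el7.x86_64'
SAMPLE_RPM_AFTER='package squid is not installed'
SAMPLE_SS_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=901,fd=3))'
SAMPLE_SS_BEFORE="$SAMPLE_SS_AFTER
LISTEN 0      128    *:3128             *:*               users:((\"squid\",pid=1402,fd=11))"

# Read `ss -ltnp` output on stdin and print the local address:port of
# every TCP listener owned by a process named squid.
squid_listeners() {
    awk '$1 == "LISTEN" && /users:\(\("squid"/ { print $4 }'
}

# $1 = output of `rpm -q squid`, $2 = output of `ss -ltnp`.
# Prints a one-line verdict for the host.
proxy_verdict() {
    listeners=$(printf '%s\n' "$2" | squid_listeners | tr '\n' ' ')
    case "$1" in
        squid-[0-9]*)
            echo "ACTION: squid package still installed ($1)" ;;
        *"is not installed"*)
            if [ -n "$listeners" ]; then
                # Package gone but a squid process is still bound to a port.
                echo "INVESTIGATE: squid removed but still listening on ${listeners% }"
            else
                echo "OK: squid removed, no proxy listener"
            fi ;;
        *)
            # rpm missing or unexpected output: do not report a false OK.
            echo "UNKNOWN: could not read package state" ;;
    esac
}

if [ "${1:-}" = "--live" ]; then
    # Query the local host (run as root so ss can show process names).
    proxy_verdict "$(rpm -q squid 2>&1)" "$(ss -ltnp 2>/dev/null)"
else
    # Demonstrate on the constructed before/after samples.
    proxy_verdict "$SAMPLE_RPM_BEFORE" "$SAMPLE_SS_BEFORE"
    proxy_verdict "$SAMPLE_RPM_AFTER" "$SAMPLE_SS_AFTER"
fi
```

Run it with `--live` on the Cloud Manager host after the upgrade; without arguments it only evaluates the embedded samples.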
Impact
Successful exploitation of this vulnerability could lead to disclosure of sensitive information.
Vulnerability scoring details
CVE | Score | Vector |
---|---|---|
CVE-2021-27002 | 7.5 (HIGH) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Exploitation and public announcements
The company is aware of public discussion of this vulnerability.