NetApp Security Advisory CVE-2021-27003 X-Frame-Options Header Vulnerability in Clustered Data ONTAP
Versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header, which could allow a clickjacking attack.
This is a Press Release edited by StorageNewsletter.com on October 18, 2021 at 2:01 pm
NetApp, Inc. has published a security advisory concerning an X-Frame-Options header vulnerability in Clustered Data ONTAP.
This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp.
Advisory ID: NTAP-20211012-0001
Version: 1.0
Last updated: 10/12/2021
Status: Final.
CVEs: CVE-2021-27003
Summary
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.
Impact
Successful exploitation of this vulnerability could allow a clickjacking attack.
Vulnerability scoring details
CVE | Score | Vector |
---|---|---|
CVE-2021-27003 | 6.5 (MEDIUM) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Exploitation and public announcements
The company is aware of public discussion of this vulnerability.