Vulnerabilities > CVE-2013-3321 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Netapp Oncommand System Manager 2.0.2/2.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

netapp

CWE-829

NVD

Published: 2020-01-29

Updated: 2020-01-31

Summary

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.

Vulnerable Configurations

Part	Description	Count
Application	Netapp Netapp Oncommand System Manager - Netapp Oncommand System Manager 2.0.2 Netapp Oncommand System Manager 2.1	3

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Packetstorm

data source	https://packetstormsecurity.com/files/download/121546/SA-20130507-0.txt
id	PACKETSTORM:121546
last seen	2016-12-05
published	2013-05-07
reporter	M. Heinzl
source	https://packetstormsecurity.com/files/121546/NetApp-OnCommand-System-Manager-2.1-2.0.2-XSS-File-Inclusion-Command-Execution.html
title	NetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References