CVE-2013-3321 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in NetApp OnCommand System Manager 2.0.2/2.1

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, high complexity, netapp, CWE-829

Summary

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.

Packetstorm

data source: https://packetstormsecurity.com/files/download/121546/SA-20130507-0.txt
id: PACKETSTORM:121546
last seen: 2016-12-05
published: 2013-05-07
reporter: M. Heinzl
source: https://packetstormsecurity.com/files/121546/NetApp-OnCommand-System-Manager-2.1-2.0.2-XSS-File-Inclusion-Command-Execution.html
title: NetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution