Vulnerabilities > CVE-2013-3321 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Netapp Oncommand System Manager 2.0.2/2.1

047910
CVSS 6.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/121546/SA-20130507-0.txt
idPACKETSTORM:121546
last seen2016-12-05
published2013-05-07
reporterM. Heinzl
sourcehttps://packetstormsecurity.com/files/121546/NetApp-OnCommand-System-Manager-2.1-2.0.2-XSS-File-Inclusion-Command-Execution.html
titleNetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution