Vulnerabilities > CVE-2013-3321 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Netapp Oncommand System Manager 2.0.2/2.1

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

netapp

CWE-829

NVD

Published: 2020-01-29

Updated: 2020-01-31

Summary

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.

Vulnerable Configurations

Part	Description	Count
Application	Netapp Netapp Oncommand System Manager - Netapp Oncommand System Manager 2.0.2 Netapp Oncommand System Manager 2.1	3

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Packetstorm

data source	https://packetstormsecurity.com/files/download/121546/SA-20130507-0.txt
id	PACKETSTORM:121546
last seen	2016-12-05
published	2013-05-07
reporter	M. Heinzl
source	https://packetstormsecurity.com/files/121546/NetApp-OnCommand-System-Manager-2.1-2.0.2-XSS-File-Inclusion-Command-Execution.html
title	NetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References