Vulnerabilities > CVE-2016-6904 - Credentials Management vulnerability in Netapp Vasa Provider

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE

Summary

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.

Vulnerable Configurations

Part Description Count
Application
Netapp
1

Common Weakness Enumeration (CWE)