Vulnerabilities > CVE-2016-6904 - Credentials Management vulnerability in Netapp Vasa Provider 6.0/6.X/7.0

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

netapp

CWE-255

NVD

Published: 2017-12-11

Updated: 2017-12-29

Summary

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.

Vulnerable Configurations

Part	Description	Count
Application	Netapp Netapp Vasa Provider 6.0 Netapp Vasa Provider 6.X Netapp Vasa Provider 7.0	3

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://security.netapp.com/advisory/ntap-20171208-0002/