Vulnerabilities > CVE-2017-8919 - Unspecified vulnerability in Netapp Oncommand API Services 1.0/1.1/1.2

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

netapp

NVD

Published: 2017-07-25

Updated: 2021-05-11

Summary

NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Netapp Netapp Oncommand API Services - Netapp Oncommand API Services 1.0 Netapp Oncommand API Services 1.1 Netapp Oncommand API Services 1.2	4

References

https://kb.netapp.com/support/s/article/ka51A0000008Spy/NTAP-20170718-0001
http://www.securityfocus.com/bid/99957