Vulnerabilities > CVE-2021-26988 - Missing Authorization vulnerability in Netapp Data Ontap

CVSS 2.7 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

low complexity

netapp

CWE-862

NVD

Published: 2021-03-04

Updated: 2021-03-18

Summary

Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.

Vulnerable Configurations

Part	Description	Count
OS	Netapp Netapp Data Ontap 9.3.0 Netapp Data Ontap 9.5.0 Netapp Data Ontap 9.6.0 Netapp Data Ontap 9.7.0 Netapp Data Ontap 9.8.0	58

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://security.netapp.com/advisory/NTAP-20210303-0001