Search criteria
7 vulnerabilities found for ONTAP Select Deploy administration utility by NetApp
CERTFR-2024-AVI-0947
Vulnerability from certfr_avis - Published: 2024-11-06 - Updated: 2024-11-06
Une vulnérabilité a été découverte dans NetApp ONTAP Select Deploy administration utility. Elle permet à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility | ONTAP Select Deploy administration utility versions antérieures à 9.15.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ONTAP Select Deploy administration utility versions ant\u00e9rieures \u00e0 9.15.1",
"product": {
"name": "ONTAP Select Deploy administration utility",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-20900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20900"
}
],
"initial_release_date": "2024-11-06T00:00:00",
"last_revision_date": "2024-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0947",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans NetApp ONTAP Select Deploy administration utility. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans NetApp ONTAP Select Deploy administration utility",
"vendor_advisories": [
{
"published_at": "2024-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20231013-0002",
"url": "https://security.netapp.com/advisory/ntap-20231013-0002/"
}
]
}
CERTFR-2024-AVI-0615
Vulnerability from certfr_avis - Published: 2024-07-22 - Updated: 2024-07-22
Une vulnérabilité a été découverte dans les produits NetApp. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility | ONTAP Select Deploy administration utility versions antérieures à 9.15.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ONTAP Select Deploy administration utility versions ant\u00e9rieures \u00e0 9.15.1",
"product": {
"name": "ONTAP Select Deploy administration utility",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
}
],
"initial_release_date": "2024-07-22T00:00:00",
"last_revision_date": "2024-07-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0615",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits NetApp. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits NetApp",
"vendor_advisories": [
{
"published_at": "2024-07-19",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220331-0002",
"url": "https://security.netapp.com/advisory/ntap-20220331-0002/"
}
]
}
CERTFR-2024-AVI-0380
Vulnerability from certfr_avis - Published: 2024-05-10 - Updated: 2024-05-10
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility | ONTAP Select Deploy administration utility versions antérieures à 9.14.1 | ||
| NetApp | Active IQ Unified Manager pour Microsoft Windows | Active IQ Unified Manager pour Microsoft Windows versions antérieures à 9.12 | ||
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager pour VMware vSphere versions antérieures à 9.10 | ||
| NetApp | N/A | NetApp Cloud Backup toutes versions | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S et H410C toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ONTAP Select Deploy administration utility versions ant\u00e9rieures \u00e0 9.14.1",
"product": {
"name": "ONTAP Select Deploy administration utility",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Microsoft Windows versions ant\u00e9rieures \u00e0 9.12",
"product": {
"name": "Active IQ Unified Manager pour Microsoft Windows",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour VMware vSphere versions ant\u00e9rieures \u00e0 9.10",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp Cloud Backup toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S et H410C toutes versions",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3631"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2021-4090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4090"
},
{
"name": "CVE-2021-3667",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3667"
},
{
"name": "CVE-2021-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3580"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
}
],
"initial_release_date": "2024-05-10T00:00:00",
"last_revision_date": "2024-05-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0380",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits NetApp\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220331-0005 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220331-0005/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220331-0010 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220331-0010/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220318-0010 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220318-0010/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20220419-0005 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20220419-0005/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20211104-0006 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20211104-0006/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20211104-0005 du 09 mai 2024",
"url": "https://security.netapp.com/advisory/ntap-20211104-0005/"
}
]
}
CVE-2024-21990 (GCVE-0-2024-21990)
Vulnerability from cvelistv5 – Published: 2024-04-17 19:35 – Updated: 2024-08-01 22:35
VLAI?
Title
Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility
Summary
ONTAP Select Deploy administration utility versions 9.12.1.x,
9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an
attacker to view Deploy configuration information and modify the
account credentials.
Severity ?
5.4 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility |
Affected:
9.12.1 , ≤ 9.14.1P2
(patch)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:netapp:clustered_data_ontap:9.12.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clustered_data_ontap",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "9.12.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:netapp:clustered_data_ontap:9.13.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clustered_data_ontap",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "9.13.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:netapp:clustered_data_ontap:9.14.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clustered_data_ontap",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "9.14.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T15:34:29.517252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:30.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240411-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ONTAP Select Deploy administration utility",
"vendor": "NetApp",
"versions": [
{
"lessThanOrEqual": "9.14.1P2",
"status": "affected",
"version": "9.12.1",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\u003cbr\u003e"
}
],
"value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T19:35:23.599Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240411-0002/"
}
],
"source": {
"advisory": "NTAP-20240411-0002",
"discovery": "UNKNOWN"
},
"title": "Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2024-21990",
"datePublished": "2024-04-17T19:35:23.599Z",
"dateReserved": "2024-01-03T19:45:25.346Z",
"dateUpdated": "2024-08-01T22:35:34.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21989 (GCVE-0-2024-21989)
Vulnerability from cvelistv5 – Published: 2024-04-17 19:32 – Updated: 2024-08-01 22:35
VLAI?
Title
Privilege Escalation Vulnerability in ONTAP Select Deploy administration utility
Summary
ONTAP Select Deploy administration utility versions 9.12.1.x,
9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when
successfully exploited could allow a read-only user to escalate their
privileges.
Severity ?
8.1 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility |
Affected:
9.12.1 , ≤ 9.14.1P2
(patch)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:9.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ontap_select_deploy_administration_utility",
"vendor": "netapp",
"versions": [
{
"lessThanOrEqual": "9.14.1p2",
"status": "affected",
"version": "9.12.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-18T20:34:47.966458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T18:50:11.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240411-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ONTAP Select Deploy administration utility",
"vendor": "NetApp",
"versions": [
{
"lessThanOrEqual": "9.14.1P2",
"status": "affected",
"version": "9.12.1",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when \nsuccessfully exploited could allow a read-only user to escalate their \nprivileges.\n\n"
}
],
"value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when \nsuccessfully exploited could allow a read-only user to escalate their \nprivileges.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T19:32:34.598Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240411-0001/"
}
],
"source": {
"advisory": "NTAP-20240411-0001",
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation Vulnerability in ONTAP Select Deploy administration utility",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2024-21989",
"datePublished": "2024-04-17T19:32:34.598Z",
"dateReserved": "2024-01-03T19:45:25.346Z",
"dateUpdated": "2024-08-01T22:35:34.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17272 (GCVE-0-2019-17272)
Vulnerability from cvelistv5 – Published: 2019-11-21 15:40 – Updated: 2024-08-05 01:33
VLAI?
Summary
All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191121-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ONTAP Select Deploy administration utility",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T15:40:03.000Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191121-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"ID": "CVE-2019-17272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ONTAP Select Deploy administration utility",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20191121-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191121-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2019-17272",
"datePublished": "2019-11-21T15:40:03.000Z",
"dateReserved": "2019-10-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5509 (GCVE-0-2019-5509)
Vulnerability from cvelistv5 – Published: 2019-11-21 15:33 – Updated: 2024-08-04 20:01
VLAI?
Summary
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.
Severity ?
No CVSS data available.
CWE
- Remote Code Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility |
Affected:
2.11.2 through 2.12.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:50.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191121-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ONTAP Select Deploy administration utility",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "2.11.2 through 2.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T15:33:19.000Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191121-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"ID": "CVE-2019-5509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ONTAP Select Deploy administration utility",
"version": {
"version_data": [
{
"version_value": "2.11.2 through 2.12.2"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20191121-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191121-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2019-5509",
"datePublished": "2019-11-21T15:33:19.000Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:01:50.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}