Description
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84062
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.securityfocus.com/archive/1/526552
Scores
CVSS v3
7.5
EPSS
0.0225
EPSS Percentile
80.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-829
Status
published
Products (1)
netapp/oncommand_system_manager
< 2.1
Published
Jan 29, 2020
Tracked Since
Feb 18, 2026