CVE-2013-3321

HIGH

NetApp OnCommand System Manager <2.1 - File Inclusion

Title source: llm

Description

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.

References (2)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/84062

[Exploit, Third Party Advisory, VDB Entry] https://www.securityfocus.com/archive/1/526552

Scores

CVSS v3 7.5

EPSS 0.0091

EPSS Percentile 75.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-829

Status published

Products (1)

netapp/oncommand_system_manager < 2.1

Published Jan 29, 2020

Tracked Since Feb 18, 2026