Description
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://kb.netapp.com/support/s/article/cve-2015-8020-default-privileged-account-credentials-vulnerability-in-in-clustered-data-ontap?language=en_US
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92329
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20160802-0001/
Scores
CVSS v3
3.7
EPSS
0.0135
EPSS Percentile
68.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
netapp/clustered_data_ontap
8.0
netapp/clustered_data_ontap
8.3.1
netapp/clustered_data_ontap
8.3.2
Published
Jan 11, 2017
Tracked Since
Feb 18, 2026