CVE-2017-7236

HIGH

NetApp OnCommand Unified Manager Core Package <5.2.2P1 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://kb.netapp.com/support/s/article/NTAP-20170517-0001

Scores

CVSS v3 7.5
EPSS 0.0179
EPSS Percentile 75.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (7)
netapp/oncommand_unified_manager_core_package 5.0
netapp/oncommand_unified_manager_core_package 5.0.1
netapp/oncommand_unified_manager_core_package 5.0.2
netapp/oncommand_unified_manager_core_package 5.1
netapp/oncommand_unified_manager_core_package 5.2
netapp/oncommand_unified_manager_core_package 5.2.1
netapp/oncommand_unified_manager_core_package 5.2.2
Published May 26, 2017
Tracked Since Feb 18, 2026