CVE-2017-8919

MEDIUM

NetApp OnCommand API Services <1.2P3 - Info Disclosure

Title source: llm
STIX 2.1

Description

NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99957

Scores

CVSS v3 6.5
EPSS 0.0134
EPSS Percentile 68.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
netapp/oncommand_api_services < 1.2
Published Jul 25, 2017
Tracked Since Feb 18, 2026