CVE-2019-5495

HIGH

OnCommand Unified Manager < 9.5 - Information Disclosure via Missing HTTP Security Headers

Title source: llm
STIX 2.1

Description

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190509-0007/

Scores

CVSS v3 7.5
EPSS 0.0029
EPSS Percentile 52.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-254
Status published
Products (1)
netapp/oncommand_unified_manager < 9.5 (3 CPE variants)
Published May 10, 2019
Tracked Since Feb 18, 2026