CVE-2019-5496

HIGH

NetApp OnCommand Insight < 7.3.5 - Cleartext Transmission of Sensitive Information

Title source: llm
STIX 2.1

Description

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190509-0005/

Scores

CVSS v3 7.5
EPSS 0.0070
EPSS Percentile 49.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-319
Status published
Products (1)
netapp/oncommand_insight < 7.3.5
Published May 10, 2019
Tracked Since Feb 18, 2026