CVE-2024-21990

MEDIUM

ONTAP Select Deploy <9.14.1.x - Info Disclosure

Title source: llm

Description

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.

References (1)

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20240411-0002/

Scores

CVSS v3 5.4

EPSS 0.0020

EPSS Percentile 42.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-259 CWE-798

Status published

Products (1)

netapp/ontap_select_deploy_administration_utility 9.12.1 - 9.14.1

Published Apr 17, 2024

Tracked Since Feb 18, 2026