NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.
2020-01-29T22:15:11.347
2024-11-21T01:53:23.480
Modified
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.8
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | netapp | oncommand_system_manager | ≤ 2.1 | Yes |