Lucene search

[email protected]CVE-2022-38732

HistorySep 29, 2022 - 3:15 p.m.

CVE-2022-38732

2022-09-2915:15:09

[email protected]

web.nvd.nist.gov

cve-2022-38732

snapcenter

content security policy

csp

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.2%

JSON

SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.

Affected configurations

NVD

Node

netappsnapcenterRange<4.7

CPENameOperatorVersion
netapp:snapcenternetapp snapcenterlt4.7

CPE	Name	Operator	Version
netapp:snapcenter	netapp snapcenter	lt	4.7

CNA Affected

[
  {
    "product": "SnapCenter",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 4.7"
      }
    ]
  }
]

References

security.netapp.com/advisory/NTAP-20220926-0001/

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.2%

JSON

Related for CVE-2022-38732

cvelist1 prion1 nvd1