Lucene search

NetappCVELIST:CVE-2023-27315

HistoryOct 12, 2023 - 1:56 p.m.

CVE-2023-27315 Information Disclosure Vulnerability in SnapGathers

2023-10-1213:56:38

CWE-256

netapp

www.cve.org

snapgathers

vulnerability

discovery

domain user

credentials

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

SnapGathers versions prior to 4.9 are susceptible to a vulnerability
which could allow a local authenticated attacker to discover plaintext
domain user credentials

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SnapGathers ",
    "vendor": "NetApp",
    "versions": [
      {
        "lessThan": "4.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20231009-0002/

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-27315