NetApp OnCommand System Manager 9.x Vulnerability - Lenovo Support NL

**Lenovo Security Advisory:**LEN-58436

**Potential Impact:**Information disclosure

**Severity:**Medium

**Scope of Impact:**Industry-wide

**CVE Identifier:**CVE-2020-8587

Summary Description:

NetApp OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.

Mitigation Strategy for Customers (what you should do to protect yourself):

NetApp recommends updating OnCommand System Manager to the version (or higher) as indicated for your model in the Product Impact section below.