NetApp Clustered Data ONTAP Vulnerabilities - Lenovo Support NL

**Lenovo Security Advisory:**LEN-59179

**Potential Impact:**Information disclosure, denial of service

**Severity:**Medium

**Scope of Impact:**Industry-wide

**CVE Identifier:**CVE-2021-26988, CVE-2021-26989

Summary Description:

NetApp reported the following vulnerabilities in NetApp Clustered Data ONTAP.

CVE-2021-26988: NetApp Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.

CVE-2021-26989: NetApp Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.

Mitigation Strategy for Customers (what you should do to protect yourself):

NetApp recommends updating to the appropriate NetApp Clustered Data ONTAP version for your product as indicated in the Product Impact section below.