**Lenovo Security Advisory:**LEN-59179
**Potential Impact:**Information disclosure, denial of service
**Severity:**Medium
**Scope of Impact:**Industry-wide
**CVE Identifier:**CVE-2021-26988, CVE-2021-26989
Summary Description:
NetApp reported the following vulnerabilities in NetApp Clustered Data ONTAP.
CVE-2021-26988: NetApp Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.
CVE-2021-26989: NetApp Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.
Mitigation Strategy for Customers (what you should do to protect yourself):
NetApp recommends updating to the appropriate NetApp Clustered Data ONTAP version for your product as indicated in the Product Impact section below.