CVE-2017-8919

EUVD-2017-17859
NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
netapponcommand_api_services
𝑥
≤ 1.2
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/99957
https://kb.netapp.com/support/s/article/ka51A0000008Spy/NTAP-20170718-0001
http://www.securityfocus.com/bid/99957
https://kb.netapp.com/support/s/article/ka51A0000008Spy/NTAP-20170718-0001