CVE-2020-8589

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
netappCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
netappclustered_data_ontap
𝑥
< 9.3
netappclustered_data_ontap
9.4 ≤
𝑥
< 9.5
netappclustered_data_ontap
9.3
netappclustered_data_ontap
9.3:p1
netappclustered_data_ontap
9.3:p10
netappclustered_data_ontap
9.3:p2
netappclustered_data_ontap
9.3:p3
netappclustered_data_ontap
9.3:p4
netappclustered_data_ontap
9.3:p5
netappclustered_data_ontap
9.3:p6
netappclustered_data_ontap
9.3:p7
netappclustered_data_ontap
9.3:p8
netappclustered_data_ontap
9.3:p9
netappclustered_data_ontap
9.3:rc1
netappclustered_data_ontap
9.5
netappclustered_data_ontap
9.5:p1
netappclustered_data_ontap
9.5:p6
netappclustered_data_ontap
9.5:p8
netappclustered_data_ontap
9.5:p9
𝑥
= Vulnerable software versions
References
https://security.netapp.com/advisory/ntap-20210201-0002/
https://security.netapp.com/advisory/ntap-20210201-0002/