CVE-2024-21982

ONTAP versions 9.4 and higher are susceptible to a vulnerability 
which when successfully exploited could lead to disclosure of sensitive 
information to unprivileged attackers when the object-store profiler 
command is being run by an administrative user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
netappCNA
4.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
netappclustered_data_ontap
9.4 ≤
𝑥
< 9.8
netappclustered_data_ontap
9.8
netappclustered_data_ontap
9.9.1
netappclustered_data_ontap
9.10.1
netappclustered_data_ontap
9.11.1
netappclustered_data_ontap
9.12.1
netappclustered_data_ontap
9.13.1
𝑥
= Vulnerable software versions
References
https://security.netapp.com/advisory/ntap-20240111-0001/
https://security.netapp.com/advisory/ntap-20240111-0001/