CVE-2017-14053
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
NetApp OnCommand Unified Manager para Clustered Data ONTAP en versiones anteriores a la 7.2P1 no establece la marca segura para una cookie sin especificar en una sesión HTTPS, lo que facilita que atacantes remotos capturen esta cookie interceptando su transmisión en una sesión HTTP.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-08-31 CVE Reserved
- 2017-09-01 CVE Published
- 2024-05-14 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.netapp.com/support/s/article/NTAP-20170831-0001 | 2017-09-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | Oncommand Unified Manager For Clustered Data Ontap Search vendor "Netapp" for product "Oncommand Unified Manager For Clustered Data Ontap" | <= 7.2 Search vendor "Netapp" for product "Oncommand Unified Manager For Clustered Data Ontap" and version " <= 7.2" | - |
Affected
| ||||||