// For flags

CVE-2018-5481

 

Severity Score

7.4
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.

OnCommand Unified Manager para 7-Mode (paquete core) en versiones anteriores a la 5.2.4 utiliza las cookies que carecen del atributo secure en algunas circunstancias, haciĆ©ndolo vulnerable a suplantaciĆ³n mediante ataques de Man-in-the-Middle (MitM).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-01-12 CVE Reserved
  • 2019-01-07 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-311: Missing Encryption of Sensitive Data
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://security.netapp.com/advisory/ntap-20190104-0001 2019-10-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Netapp
Search vendor "Netapp"
 Oncommand Unified Manager
Search vendor "Netapp" for product "Oncommand Unified Manager"
 < 5.2.4
Search vendor "Netapp" for product "Oncommand Unified Manager" and version " < 5.2.4"
-
Affected