CVE-2016-6904
First published: Mon Dec 11 2017(Updated: )
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.
Credit: security-alert@netapp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netapp Vasa Provider Clustered Data Ontap | <=7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2016-6904?
CVE-2016-6904 is a vulnerability found in versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1.
What is the severity of CVE-2016-6904?
The severity of CVE-2016-6904 is high with a severity value of 8.1.
How does CVE-2016-6904 affect Netapp Vasa Provider?
CVE-2016-6904 affects Netapp Vasa Provider versions prior to 7.0P1.
How does CVE-2016-6904 impact security?
CVE-2016-6904 allows an unauthenticated attacker to obtain authentication credentials.
Is there a fix for CVE-2016-6904?
Yes, the fix for CVE-2016-6904 is to update to version 7.0P1 or later of VASA Provider for Clustered Data ONTAP.
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/netapp
- canonical/netapp vasa provider clustered data ontap
- version/netapp vasa provider clustered data ontap/7.0