CVE-2018-5482
First published: Mon Mar 04 2019(Updated: )
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.
Credit: security-alert@netapp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetApp SnapCenter Server | <4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this NetApp SnapCenter Server vulnerability?
The vulnerability ID for this NetApp SnapCenter Server vulnerability is CVE-2018-5482.
What is the title of this NetApp SnapCenter Server vulnerability?
The title of this NetApp SnapCenter Server vulnerability is 'NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTP session'.
What is the severity of CVE-2018-5482?
The severity of CVE-2018-5482 is medium with a severity value of 5.3.
What is the affected software for CVE-2018-5482?
The affected software for CVE-2018-5482 is NetApp SnapCenter Server prior to version 4.1.
How can the vulnerability be exploited?
The vulnerability can be exploited by intercepting the transmission of the sensitive cookie in plain text over an unencrypted channel.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/netapp
- canonical/netapp snapcenter server