First published: Fri May 10 2019(Updated: )
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
Credit: security-alert@netapp.com
Affected Software | Affected Version | How to fix |
---|---|---|
Netapp Oncommand Unified Manager Linux | <9.5 | |
Netapp Oncommand Unified Manager Vmware Vsphere | <9.5 | |
Netapp Oncommand Unified Manager Windows | <9.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the OnCommand Unified Manager for VMware vSphere Linux and Windows is CVE-2019-5495.
The severity level of CVE-2019-5495 is high with a score of 7.5.
CVE-2019-5495 allows an attacker to obtain sensitive information via unspecified vectors by exploiting the lack of certain HTTP Security headers configured in the software.
The versions prior to 9.5 of OnCommand Unified Manager for VMware vSphere Linux and Windows are affected by CVE-2019-5495.
To fix CVE-2019-5495 in OnCommand Unified Manager for VMware vSphere Linux and Windows, it is recommended to update to version 9.5 or later which includes the necessary HTTP Security headers configuration.