CVE-2020-8587
First published: Mon Feb 08 2021(Updated: )
OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.
Credit: security-alert@netapp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetApp OnCommand System Manager | >=9.0<9.3 | |
| NetApp OnCommand System Manager | =9.3 | |
| NetApp OnCommand System Manager | =9.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-8587.
Which versions of OnCommand System Manager are affected by this vulnerability?
OnCommand System Manager versions prior to 9.3P20 and 9.4 prior to 9.4P3 are affected by this vulnerability.
How severe is this vulnerability?
This vulnerability has a severity rating of medium with a CVSS score of 5.5.
What is the impact of this vulnerability?
This vulnerability could allow HTTP clients to cache sensitive responses, making them accessible to an attacker who has access to the system where the client runs.
How can I fix this vulnerability?
To fix this vulnerability, upgrade OnCommand System Manager to version 9.3P20 or 9.4P3 or later.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/netapp
- canonical/netapp oncommand system manager
- version/netapp oncommand system manager/9.0
- version/netapp oncommand system manager/9.3
- version/netapp oncommand system manager/9.4