CVE-2022-23236
First published: Wed Jun 01 2022(Updated: )
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.
Credit: security-alert@netapp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetApp E-Series SANtricity OS Controller | >=11.40<=11.70.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2022-23236.
What is the title of this vulnerability?
The title of this vulnerability is 'E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.'
What is the severity level of CVE-2022-23236?
The severity level of CVE-2022-23236 is medium with a CVSS score of 4.4.
How does CVE-2022-23236 affect NetApp E-Series SANtricity OS Controller?
CVE-2022-23236 affects NetApp E-Series SANtricity OS Controller versions 11.40 through 11.70.2.
Is there a fix available for CVE-2022-23236?
Yes, NetApp has released a fix for CVE-2022-23236. Please refer to the advisory linked in the references for more information.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/netapp
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.40
- version/netapp e-series santricity os controller/11.70.2