NetApp ONTAP 9.4+ Object-Store Profiler Sensitive Info Disclosure
CVE-2024-21982 Published on January 12, 2024
CVE-2024-21982 Information Disclosure Vulnerability in ONTAP 9
ONTAP versions 9.4 and higher are susceptible to a vulnerability
which when successfully exploited could lead to disclosure of sensitive
information to unprivileged attackers when the object-store profiler
command is being run by an administrative user.
Vulnerability Analysis
CVE-2024-21982 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Products Associated with CVE-2024-21982
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-21982 are published in these products:
Affected Versions
NetApp ONTAP 9 :- Version 9.4 and below 9.8P21 is affected.
- Version 9.9.1 and below 9.9.1P18 is affected.
- Version 9.10.1 and below 9.10.1P16 is affected.
- Version 9.11.1 and below 9.11.1P13 is affected.
- Version 9.12.1 and below 9.12.1P8 is affected.
- Version 9.13.1 and below 9.13.1P4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.