CVE-2017-15518 - OpenCVE

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	Oncommand Api Services Service Level Manager

Configuration 1 [-]

OR	cpe:2.3:a:netapp:oncommand_api_services::::::::
	cpe:2.3:a:netapp:service_level_manager::::::::
	cpe:2.3:a:netapp:service_level_manager:1.0:rc1::::::
	cpe:2.3:a:netapp:service_level_manager:1.0:rc2::::::
	cpe:2.3:a:netapp:service_level_manager:1.0:rc3::::::

References

Link	Resource
https://security.netapp.com/advisory/NTAP-20180223-0001/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: netapp

Published: 2018-02-23T00:00:00

Updated: 2018-02-23T22:57:01

Reserved: 2017-10-17T00:00:00

Link: CVE-2017-15518

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-02-23T23:29:00.343

Modified: 2021-05-11T18:22:02.713

Link: CVE-2017-15518

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "OnCommand API Services and NetApp Service Level Manager", "vendor": "NetApp ", "versions": [{"status": "affected", "version": "Versions prior to 2.1 and 1.0RC4"}]}], "datePublic": "2018-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required."}], "problemTypes": [{"descriptions": [{"description": "CWE 311", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-23T22:57:01", "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.netapp.com/advisory/NTAP-20180223-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@netapp.com", "DATE_PUBLIC": "2018-02-23T00:00:00", "ID": "CVE-2017-15518", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OnCommand API Services and NetApp Service Level Manager", "version": {"version_data": [{"version_value": "Versions prior to 2.1 and 1.0RC4"}]}}]}, "vendor_name": "NetApp "}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE 311"}]}]}, "references": {"reference_data": [{"name": "https://security.netapp.com/advisory/NTAP-20180223-0001/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/NTAP-20180223-0001/"}]}}}}, "cveMetadata": {"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "assignerShortName": "netapp", "cveId": "CVE-2017-15518", "datePublished": "2018-02-23T00:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2018-02-23T22:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_api_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA0BED1-643B-4A26-8D13-42FD779C0B3D", "versionEndIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EB1BE30-F7FB-4FD8-A3B4-8D53A4EF56E9", "versionEndIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B4D72396-C484-4B19-9E30-ADE3012C019C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "80A266E2-11F0-4654-8553-0E88C3EA4188", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "450C4C6E-FFCE-44A9-8556-BA52B39EC012", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required."}, {"lang": "es", "value": "Todas las versiones de OnCommand API Services, en versiones anteriores a la 2.1 y NetApp Service Level Manager, en versiones anteriores a la 1.0RC4, registran una contrase\u00f1a de cuenta de usuario de base de datos privilegiada. Se recomienda encarecidamente que todos los usuarios empleen una versi\u00f3n solucionada. Debido a que la contrase\u00f1a afectada se cambia en cada actualizaci\u00f3n/instalaci\u00f3n, no es necesario realizar m\u00e1s acciones."}], "id": "CVE-2017-15518", "lastModified": "2021-05-11T18:22:02.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-23T23:29:00.343", "references": [{"source": "security-alert@netapp.com", "tags": ["Vendor Advisory"], "url": "https://security.netapp.com/advisory/NTAP-20180223-0001/"}], "sourceIdentifier": "security-alert@netapp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}