CVE-2017-15518 - OpenCVE

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netapp	Oncommand Api Services Service Level Manager

Configuration 1 [-]

OR	cpe:2.3:a:netapp:oncommand_api_services::::::::
	cpe:2.3:a:netapp:service_level_manager::::::::
	cpe:2.3:a:netapp:service_level_manager:1.0:rc1::::::
	cpe:2.3:a:netapp:service_level_manager:1.0:rc2::::::
	cpe:2.3:a:netapp:service_level_manager:1.0:rc3::::::

No data.

References

Link	Providers
https://security.netapp.com/advisory/NTAP-20180223-0001/

History

No history.

MITRE

Status: PUBLISHED

Assigner: netapp

Published: 2018-02-23T23:00:00Z

Updated: 2024-09-17T00:25:51.381Z

Reserved: 2017-10-17T00:00:00

Link: CVE-2017-15518

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-02-23T23:29:00.343

Modified: 2021-05-11T18:22:02.713

Link: CVE-2017-15518

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "OnCommand API Services and NetApp Service Level Manager", "vendor": "NetApp", "versions": [{"status": "affected", "version": "Versions prior to 2.1 and 1.0RC4"}]}], "datePublic": "2018-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required."}], "problemTypes": [{"descriptions": [{"description": "CWE 311", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-23T22:57:01", "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.netapp.com/advisory/NTAP-20180223-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@netapp.com", "DATE_PUBLIC": "2018-02-23T00:00:00", "ID": "CVE-2017-15518", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OnCommand API Services and NetApp Service Level Manager", "version": {"version_data": [{"version_value": "Versions prior to 2.1 and 1.0RC4"}]}}]}, "vendor_name": "NetApp"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE 311"}]}]}, "references": {"reference_data": [{"name": "https://security.netapp.com/advisory/NTAP-20180223-0001/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/NTAP-20180223-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:57:26.115Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.netapp.com/advisory/NTAP-20180223-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "assignerShortName": "netapp", "cveId": "CVE-2017-15518", "datePublished": "2018-02-23T23:00:00Z", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-09-17T00:25:51.381Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_api_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA0BED1-643B-4A26-8D13-42FD779C0B3D", "versionEndIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EB1BE30-F7FB-4FD8-A3B4-8D53A4EF56E9", "versionEndIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B4D72396-C484-4B19-9E30-ADE3012C019C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "80A266E2-11F0-4654-8553-0E88C3EA4188", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "450C4C6E-FFCE-44A9-8556-BA52B39EC012", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required."}, {"lang": "es", "value": "Todas las versiones de OnCommand API Services, en versiones anteriores a la 2.1 y NetApp Service Level Manager, en versiones anteriores a la 1.0RC4, registran una contrase\u00f1a de cuenta de usuario de base de datos privilegiada. Se recomienda encarecidamente que todos los usuarios empleen una versi\u00f3n solucionada. Debido a que la contrase\u00f1a afectada se cambia en cada actualizaci\u00f3n/instalaci\u00f3n, no es necesario realizar m\u00e1s acciones."}], "id": "CVE-2017-15518", "lastModified": "2021-05-11T18:22:02.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-23T23:29:00.343", "references": [{"source": "security-alert@netapp.com", "tags": ["Vendor Advisory"], "url": "https://security.netapp.com/advisory/NTAP-20180223-0001/"}], "sourceIdentifier": "security-alert@netapp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}