What is CVE-2017-14053?

CVE-2017-14053 is a high-severity vulnerability in Netapp Oncommand_unified_manager_for_clustered_data_ontap, classified under Information Disclosure. CVSS score: 7.5/10. Published 2017-09-01.

How severe is CVE-2017-14053?

High severity. CVSS v3 base score is 7.5 out of 10.

Information disclosure in Netapp Oncommand_unified_manager_for_clustered_data_ontap

CVE-2017-14053

NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transm…

Vulnerability class: Information Disclosure

EPSS: 0.003 (53.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Netapp Oncommand_unified_manager_for_clustered_data_ontap
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-14053?: CVE-2017-14053 is a high-severity vulnerability in Netapp Oncommand_unified_manager_for_clustered_data_ontap, classified under Information Disclosure. CVSS score: 7.5/10. Published 2017-09-01.
How severe is CVE-2017-14053?: High severity. CVSS v3 base score is 7.5 out of 10.