ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a
vulnerability which will cause all SAS-attached FIPS 140-2 drives to
become unlocked after a system reboot or power cycle or a single
SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This
could lead to disclosure of sensitive information to an attacker with
physical access to the unlocked drives.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-12-15
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-03-30
Page 3