Netapp: >> Oncommand Api Services >> 1.1 Security Vulnerabilities
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-02-23
NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-07-25