CVE-2018-5481

OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.

Published : 2019-01-07 14:29 Updated : 2019-10-03 00:03

5.8
CVSS Score More info
Score 5.8 / 10
5.8
Vendor Product Version URI
Netapp Oncommand Unified Manager - cpe:/a:netapp:oncommand_unified_manager:-::~~~vsphere~~
Netapp Oncommand Unified Manager 5.1 cpe:/a:netapp:oncommand_unified_manager:5.1
Netapp Oncommand Unified Manager 5.2.1 cpe:/a:netapp:oncommand_unified_manager:5.2.1
Netapp Oncommand Unified Manager 5.2.2 cpe:/a:netapp:oncommand_unified_manager:5.2.2
Netapp Oncommand Unified Manager 5.2.3 cpe:/a:netapp:oncommand_unified_manager:5.2.3
  1. Netapp (1) Search CVE
    1. Oncommand Unified Manager (5) Search CVE
      1. -
      2. 5.1
      3. 5.2.1
      4. 5.2.2
      5. 5.2.3

CWE

ID Name Description Links
CWE-311 Missing Encryption of Sensitive Data The software does not encrypt sensitive or critical information before storage or transmission. CVE

History of changes

Date Event
2019-10-03 00:03
2019-01-30 19:20
2019-01-07 14:29

New CVE