CVE-2015-7886

low-risk

Published 2016-01-18

NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.

Do I need to act?

0.39% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.7/10 Low

NETWORK / HIGH complexity

Affected Products (1)

Data Ontap

Affected Vendors

Netapp

References (4)

Patch http://kb.netapp.com/support/index?page=content&id=9010055

https://security.netapp.com/advisory/ntap-20160114-0002/

Patch http://kb.netapp.com/support/index?page=content&id=9010055

https://security.netapp.com/advisory/ntap-20160114-0002/

/ 100

low-risk

Severity 13/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal