CVE-2016-6904

HIGH

8.1

CVSS Severity Score

EPSS Score0.0800%

EPSS Percentile11.55th

PublishedDec 11, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.

Affected Platforms (CPE)

📦

Netapp

Vasa Provider

<= 7.0

References & Advisories

🔗 https://security.netapp.com/advisory/ntap-20171208-0002/

Related Vulnerabilities

CVE-2017-49979.8

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could...

CVE-2018-11839.8

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions ...

CVE-2016-045110.0

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affec...

CVE-2016-045210.0

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affec...