Arbitrary File Inclusion Vulnerability in NetApp OnCommand System Manager 2.1 and Earlier

Arbitrary File Inclusion Vulnerability in NetApp OnCommand System Manager 2.1 and Earlier

CVE-2013-3321 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.

Learn more about our Web Application Penetration Testing UK.