CVE-2008-3349 - Vulnerability Details - OpenCVE

Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	N Series Storage Server
Netapp	Data Ontap Fas900

Configuration 1 [-]

AND

cpe:2.3:o:netapp:data_ontap:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ibm:n_series_storage_server::::::::
	cpe:2.3:h:netapp:fas900::::::::

No data.

References

Link	Providers
http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml
http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml
http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml
http://www.kb.cert.org/vuls/id/329772
https://exchange.xforce.ibmcloud.com/vulnerabilities/44265

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-07-28T17:00:00

Updated: 2024-08-07T09:37:26.728Z

Reserved: 2008-07-28T00:00:00

Link: CVE-2008-3349

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-07-28T17:41:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-3349

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-25T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml"}, {"tags": ["x_refsource_MISC"], "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml"}, {"tags": ["x_refsource_MISC"], "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml"}, {"name": "netapp-dataontap-multiple-unspecified(44265)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44265"}, {"name": "VU#329772", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/329772"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3349", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml", "refsource": "MISC", "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml"}, {"name": "http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml", "refsource": "MISC", "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml"}, {"name": "http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml", "refsource": "MISC", "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml"}, {"name": "netapp-dataontap-multiple-unspecified(44265)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44265"}, {"name": "VU#329772", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/329772"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:37:26.728Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml"}, {"name": "netapp-dataontap-multiple-unspecified(44265)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44265"}, {"name": "VU#329772", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/329772"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3349", "datePublished": "2008-07-28T17:00:00", "dateReserved": "2008-07-28T00:00:00", "dateUpdated": "2024-08-07T09:37:26.728Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB1769F0-3E4B-417C-8694-BAB19BB0C432", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:n_series_storage_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8579FF83-E9DA-4C60-8BC6-8D08F23430FA", "vulnerable": false}, {"criteria": "cpe:2.3:h:netapp:fas900:*:*:*:*:*:*:*:*", "matchCriteriaId": "6432E6DB-B386-4852-A93F-7F8260E0171D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en NetApp Data ONTAP, usados sobre NetApp y plataformas IBM eServer, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n que pueden provocar una denegaci\u00f3n de servicio (ca\u00edda de sistema), u obtener informaci\u00f3n sensible. Probablemente relacionado con un acceso insuficiente sobre las peticiones HTTP. NOTA: esta vulnerabilidad puede solaparse con CVE-2008-3160."}], "id": "CVE-2008-3349", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-07-28T17:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml"}, {"source": "cve@mitre.org", "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml"}, {"source": "cve@mitre.org", "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/329772"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/329772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44265"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}