Vulnerability Description
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netapp | E-Series Santricity Os Controller | >= 11.0.0, <= 11.70.2 |
Related Weaknesses (CWE)
References
- https://security.netapp.com/advisory/NTAP-20220527-0002/Vendor Advisory
- https://security.netapp.com/advisory/NTAP-20220527-0002/Vendor Advisory
FAQ
What is CVE-2022-23237?
CVE-2022-23237 is a vulnerability with a CVSS score of 6.1 (MEDIUM). E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.
How severe is CVE-2022-23237?
CVE-2022-23237 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23237?
Check the references section above for vendor advisories and patch information. Affected products include: Netapp E-Series Santricity Os Controller.