What ONTAP's command is affected by CVE-2024-21982?
Applies to
ONTAP 9
Answer
The command affected by CVE-2024-2198 is any use of
object-store profiler start
command as below:Additional Information
CVE-2024-21982 Information Disclosure Vulnerability in ONTAP 9
Summary
ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.