NetApp OnCommand Unified Manager Core Package CVE-2017-11461 Clickjacking Vulnerability

NetApp OnCommand Unified Manager Core Package is prone to an click-jacking vulnerability.
Successful exploits will allow an attacker to compromise the affected application or obtain sensitive information. Other attacks are also possible.
Versions prior to NetApp OnCommand Unified Manager Core Package 5.2.1 are vulnerable.

Information

Bugtraq ID: 101778
Class: Design Error
CVE: CVE-2017-11461

Remote: Yes
Local: No
Published: Nov 07 2017 12:00AM
Updated: Nov 07 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: NetApp OnCommand Unified Manager Core Package 5.2
NetApp OnCommand Unified Manager Core Package 5.1
NetApp OnCommand Unified Manager Core Package 5.0

Not Vulnerable:

Exploit

An attacker can exploit this issue by enticing an unsuspecting user to visit a crafted webpage.

References:

NetApp Homepage (NetApp)
CVE-2017-11461 Clickjacking Vulnerability in OnCommand Unified Manager for 7-mod (NetApp)

Source: www.securityfocus.com

Exploit Collector

Search Exploit