跳转到主内容

ONTAP Tools for VMware vSphere:ONTAP tools 9.x 中的漏洞

Views:
1
Visibility:
Public
Votes:
0
Category:
virtual-storage-console-for-vmware-vsphere
Specialty:
virt
Last Updated:

适用于

  • ONTAP tools for VMware vSphere (OTV) 9.13 P1
  • OTV9.13 P1 端口 8143、8443 和 9083 报告的易受攻击的密码
  • OTV9.13 P1 报告的 HTTP OPTIONS 漏洞
  • ONTAP tools for VMware vSphere 9.13 P1 中的 OpenSSH 漏洞
  • OTV 9.12 中端口 8443 上的 HTTPS 服务器缺少 HSTS

问题描述

  • OTV9.13 P1 中端口 8143、8443 和 9083 报告的易受攻击的密码:在端口 8143(vscserver)8443(rpserver)9083(vp-server) 上检测到易受攻击的密码套件 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA、TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA、TLS_RSA_WITH_AES_128_CBC_SHA、TLS_RSA_WITH_AES_256_CBC_SHA,这是在运行漏洞扫描工具时发现的。
  • OTV9.13 P1 中报告的 HTTP OPTIONS 漏洞:端口 8143 已启用 HTTP OPTIONS 方法。HTTP OPTIONS 方法虽然主要用于调试目的,但攻击者可以利用它来检索有关系统的敏感信息
  • ONTAP tools for VMware vSphere 9.13 P1 中的 OpenSSH 漏洞:OpenSSH 已发布 CVE-2024-6387 的安全公告和补丁。根据 Blackduck 数据,已确认您的产品使用了 OpenSSH。
  • OTV 9.12 中端口 8443 上的 HTTPS 服务器缺少 HSTS:通过 Nessus 等扫描工具发现的漏洞 

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.